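--- a/.github/actions/update-image-tag/action.yml
+++ b/.github/actions/update-image-tag/action.yml
@@ -0,0 +1,55 @@
+name: Update image tag in waffle-world-oci
+description: Updates the image tag in waffle-world-oci ArgoCD manifests
+
+inputs:
+app-id:
+required: true
+private-key:
+required: true
+ocir-registry:
+required: true
+ocir-namespace:
+required: true
+ocir-repository:
+required: true
+image-tag:
+required: true
+
+runs:
+using: composite
+steps:
+- name: Generate GitHub App token
+id: app-token
+uses: actions/create-github-app-token@v1
+with:
+app-id: ${{ inputs.app-id }}
+private-key: ${{ inputs.private-key }}
+owner: wafflestudio
+repositories: waffle-world-oci
+
+- name: Update image tag
+shell: bash
+env:
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
+OCIR_IMAGE: ${{ inputs.ocir-registry }}/${{ inputs.ocir-namespace }}/${{ inputs.ocir-repository }}
+OCIR_REPOSITORY: ${{ inputs.ocir-repository }}
+IMAGE_TAG: ${{ inputs.image-tag }}
+run: |
+REPO="wafflestudio/waffle-world-oci"
+ENV_DIR=$(dirname "$OCIR_REPOSITORY")
+DIR="argocd/$ENV_DIR"
+
+for FILE_PATH in $(gh api "repos/$REPO/contents/$DIR" --jq '.[] | select(.name | endswith(".yaml") or endswith(".yml")) | .path'); do
+CONTENT=$(gh api "repos/$REPO/contents/$FILE_PATH" --jq '.content' | base64 -d)
+if echo "$CONTENT" | grep -q "image: $OCIR_IMAGE:"; then
+UPDATED=$(echo "$CONTENT" | sed "s|image: $OCIR_IMAGE:[^ ]*|image: $OCIR_IMAGE:$IMAGE_TAG|g")
+if [ "$CONTENT" != "$UPDATED" ]; then
+SHA=$(gh api "repos/$REPO/contents/$FILE_PATH" --jq '.sha')
+gh api --method PUT "repos/$REPO/contents/$FILE_PATH" \
+-f message="build: update $OCIR_REPOSITORY to $IMAGE_TAG" \
+-f content="$(echo "$UPDATED" | base64 -w 0)" \
+-f sha="$SHA"
+echo "Updated $FILE_PATH"
+fi
+fi
+done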
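Review bot: In the `Update image tag` step the file content and its blob SHA come from two separate `gh api` calls, so a commit that lands in waffle-world-oci between them is overwritten: the PUT carries the newer SHA with content derived from the older read, and another deploy's tag is silently reverted. Take both from one response, e.g. `RESP=$(gh api "repos/$REPO/contents/$FILE_PATH")` and then read `.content` and `.sha` out of `$RESP`, so a concurrent change makes the PUT fail with a conflict instead. The directory listing sits inside `for … in $(gh api …)`, where a failed call just yields an empty loop and a green step; capture the listing in a variable first and fail the step when no manifest was updated. `actions/create-github-app-token@v1` receives the App private key and is referenced by a movable tag, so pinning it to a full commit SHA is worth doing here.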
56 changes: 26 additions & 30 deletions .github/workflows/_deploy-native.yml
Expand Up @@ -3,17 +3,19 @@ name: deploy-native-template
on:
workflow_call:
inputs:
ecr_repository:
ocir_repository:
required: true
type: string
dockerfile:
required: true
type: string
description: 'Dockerfile path (e.g., api/Dockerfile-native)'
secrets:
AWS_ACCESS_KEY_ID:
OCI_AUTH_TOKEN:
required: true
AWS_SECRET_ACCESS_KEY:
DEPLOYER_APP_ID:
required: true
DEPLOYER_APP_PRIVATE_KEY:
required: true

jobs:
Expand All @@ -24,43 +26,37 @@ jobs:
env:
IMAGE_TAG: ${{ github.run_number }}
BUILD_NUMBER: ${{ github.run_number }}
ECR_REGISTRY: 405906814034.dkr.ecr.ap-northeast-2.amazonaws.com
ECR_REPOSITORY: ${{ inputs.ecr_repository }}
OCIR_REGISTRY: yny.ocir.io
OCIR_NAMESPACE: ax1dvc8vmenm
OCIR_REPOSITORY: ${{ inputs.ocir_repository }}

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2

- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Login to OCIR
run: echo "${{ secrets.OCI_AUTH_TOKEN }}" | docker login $OCIR_REGISTRY -u ax1dvc8vmenm/members/snutt-deployer --password-stdin

- name: Get and save Auth Token for CodeArtifact
id: get-save-codeartifact-auth-token
run: |
aws codeartifact get-authorization-token \
--domain wafflestudio \
--domain-owner 405906814034 \
--query authorizationToken \
--region ap-northeast-1 \
--output text > .codeartifact_token

- name: Docker build, tag, and push image to ECR
- name: Docker build, tag, and push image to OCIR
id: build-push-image
run: |
echo "${{ github.token }}" > .github_token
docker build \
--secret id=codeartifact_token,src=./.codeartifact_token \
--secret id=github_token,src=./.github_token \
-f ${{ inputs.dockerfile }} \
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
-t $OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG \
. \
--platform linux/arm64
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
rm -f .github_token
docker push $OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG
echo "image=$OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

- name: Update image tag in waffle-world-oci
uses: ./.github/actions/update-image-tag
with:
app-id: ${{ secrets.DEPLOYER_APP_ID }}
private-key: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
ocir-registry: ${{ env.OCIR_REGISTRY }}
ocir-namespace: ${{ env.OCIR_NAMESPACE }}
ocir-repository: ${{ env.OCIR_REPOSITORY }}
image-tag: ${{ env.IMAGE_TAG }}
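Review bot: The `Docker build, tag, and push image to OCIR` step writes `${{ github.token }}` to `.github_token` inside the workspace and then runs `docker build` with `.` as the context, so the token file is sent to the builder with the rest of the tree and would end up in a pushed layer if the Dockerfile copies the whole context (the Dockerfiles and any `.dockerignore` are not on this page). Under the default `bash -e` shell the added `rm -f .github_token` is also skipped when the build fails. Keeping the file out of the context avoids both: write it under `$RUNNER_TEMP` and pass `--secret id=github_token,src="$RUNNER_TEMP/github_token"`, or set the token as a step `env:` variable and use BuildKit's `--secret id=github_token,env=GITHUB_TOKEN`. The same step is added in `_deploy.yml`.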
57 changes: 27 additions & 30 deletions .github/workflows/_deploy.yml
Expand Up @@ -3,17 +3,19 @@ name: deploy-template
on:
workflow_call:
inputs:
ecr_repository:
ocir_repository:
required: true
type: string
dockerfile:
required: true
type: string
description: 'Dockerfile path (e.g., api/Dockerfile)'
secrets:
AWS_ACCESS_KEY_ID:
OCI_AUTH_TOKEN:
required: true
AWS_SECRET_ACCESS_KEY:
DEPLOYER_APP_ID:
required: true
DEPLOYER_APP_PRIVATE_KEY:
required: true

jobs:
Expand All @@ -24,42 +26,37 @@ jobs:
env:
IMAGE_TAG: ${{ github.run_number }}
BUILD_NUMBER: ${{ github.run_number }}
ECR_REGISTRY: 405906814034.dkr.ecr.ap-northeast-2.amazonaws.com
ECR_REPOSITORY: ${{ inputs.ecr_repository }}
OCIR_REGISTRY: yny.ocir.io
OCIR_NAMESPACE: ax1dvc8vmenm
OCIR_REPOSITORY: ${{ inputs.ocir_repository }}

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2

- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Login to OCIR
run: echo "${{ secrets.OCI_AUTH_TOKEN }}" | docker login $OCIR_REGISTRY -u ax1dvc8vmenm/members/snutt-deployer --password-stdin

- name: Get and save Auth Token for CodeArtifact
id: get-save-codeartifact-auth-token
run: |
aws codeartifact get-authorization-token \
--domain wafflestudio \
--domain-owner 405906814034 \
--query authorizationToken \
--region ap-northeast-1 \
--output text > .codeartifact_token

- name: Docker build, tag, and push image to ECR
- name: Docker build, tag, and push image to OCIR
id: build-push-image
run: |
echo "${{ github.token }}" > .github_token
docker build \
--secret id=codeartifact_token,src=./.codeartifact_token \
--secret id=github_token,src=./.github_token \
-f ${{ inputs.dockerfile }} \
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
-t $OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG \
. \
--platform linux/arm64
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
rm -f .github_token
docker push $OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG
echo "image=$OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

- name: Update image tag in waffle-world-oci
uses: ./.github/actions/update-image-tag
with:
app-id: ${{ secrets.DEPLOYER_APP_ID }}
private-key: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
ocir-registry: ${{ env.OCIR_REGISTRY }}
ocir-namespace: ${{ env.OCIR_NAMESPACE }}
ocir-repository: ${{ env.OCIR_REPOSITORY }}
image-tag: ${{ env.IMAGE_TAG }}
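Review bot: The `Login to OCIR` step expands `${{ secrets.OCI_AUTH_TOKEN }}` into the script text before bash parses it, so a token containing `"`, `$`, a backtick or `\` is altered or breaks the command. Pass it through the environment instead: add `env:` with `OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}` to the step and run `printf '%s' "$OCI_AUTH_TOKEN" | docker login "$OCIR_REGISTRY" -u … --password-stdin`. The username repeats the namespace literal that is already held in `OCIR_NAMESPACE`, so `-u "$OCIR_NAMESPACE/members/snutt-deployer"` would keep the two from drifting apart. `_deploy-native.yml` has the identical step.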
9 changes: 2 additions & 7 deletions .github/workflows/ci.yml
Expand Up @@ -14,19 +14,14 @@ jobs:
- name: Checkout
uses: actions/checkout@v4

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2

- name: Set up JDK 25
uses: actions/setup-java@v4
with:
java-version: '25'
distribution: 'temurin'

- name: Run Tests
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
./gradlew clean test -x processAot -x processTestAot
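Review bot: `Run Tests` now exports `GITHUB_TOKEN` to the whole Gradle invocation, so every plugin, dependency and test process in that run can read it, and nothing in this hunk limits what the token may do. If it is only needed to resolve packages (an inference from the CodeArtifact steps removed elsewhere in this commit), declare that on the job with a `permissions:` block such as `contents: read` and `packages: read`. The job header and the workflow triggers are outside the hunk, so check there whether a `permissions:` block already exists and whether pull requests from forks reach this step.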
7 changes: 4 additions & 3 deletions .github/workflows/deploy-api-dev-native.yml
Expand Up @@ -8,8 +8,9 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy-native.yml
with:
ecr_repository: snutt-dev/snutt-timetable
ocir_repository: snutt-dev/snutt-timetable
dockerfile: api/Dockerfile-native
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
7 changes: 4 additions & 3 deletions .github/workflows/deploy-api-dev.yml
Expand Up @@ -8,8 +8,9 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
ecr_repository: snutt-dev/snutt-timetable
ocir_repository: snutt-dev/snutt-timetable
dockerfile: api/Dockerfile
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
7 changes: 4 additions & 3 deletions .github/workflows/deploy-api-prod-native.yml
Expand Up @@ -8,11 +8,12 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy-native.yml
with:
ecr_repository: snutt-prod/snutt-timetable
ocir_repository: snutt-prod/snutt-timetable
dockerfile: api/Dockerfile-native
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}

notify:
needs: deploy
7 changes: 4 additions & 3 deletions .github/workflows/deploy-api-prod.yml
Expand Up @@ -8,11 +8,12 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
ecr_repository: snutt-prod/snutt-timetable
ocir_repository: snutt-prod/snutt-timetable
dockerfile: api/Dockerfile
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}

notify:
needs: deploy
7 changes: 4 additions & 3 deletions .github/workflows/deploy-batch-dev-native.yml
Expand Up @@ -8,8 +8,9 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy-native.yml
with:
ecr_repository: snutt-dev/snutt-timetable-batch
ocir_repository: snutt-dev/snutt-timetable-batch
dockerfile: batch/Dockerfile-native
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
7 changes: 4 additions & 3 deletions .github/workflows/deploy-batch-dev.yml
Expand Up @@ -8,8 +8,9 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
ecr_repository: snutt-dev/snutt-timetable-batch
ocir_repository: snutt-dev/snutt-timetable-batch
dockerfile: batch/Dockerfile
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
7 changes: 4 additions & 3 deletions .github/workflows/deploy-batch-prod-native.yml
Expand Up @@ -8,8 +8,9 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy-native.yml
with:
ecr_repository: snutt-prod/snutt-timetable-batch
ocir_repository: snutt-prod/snutt-timetable-batch
dockerfile: batch/Dockerfile-native
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
7 changes: 4 additions & 3 deletions .github/workflows/deploy-batch-prod.yml
Expand Up @@ -8,8 +8,9 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
ecr_repository: snutt-prod/snutt-timetable-batch
ocir_repository: snutt-prod/snutt-timetable-batch
dockerfile: batch/Dockerfile
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
12 changes: 6 additions & 6 deletions .github/workflows/deploy-manual-native.yml
Expand Up @@ -3,8 +3,8 @@ name: Deploy Manual Native
on:
workflow_dispatch:
inputs:
ecr_repository:
description: 'ECR 리포지토리 (예: snutt-dev/snutt-timetable)'
ocir_repository:
description: 'OCIR 리포지토리 (예: snutt-dev/snutt-timetable)'
required: true
type: string
dockerfile:
Expand All @@ -16,9 +16,9 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy-native.yml
with:
ecr_repository: ${{ inputs.ecr_repository }}
ocir_repository: ${{ inputs.ocir_repository }}
dockerfile: ${{ inputs.dockerfile }}
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
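Review bot: `ocir_repository` stays a free-form `type: string`, but after this commit its value also selects which `argocd/<dir>` in waffle-world-oci is rewritten with the App token, and it is spliced into the `grep` and `sed` patterns of the update-image-tag action. Restricting it to the repositories the other workflows pass would remove that freedom: `type: choice` with `options:` listing `snutt-dev/snutt-timetable`, `snutt-prod/snutt-timetable`, `snutt-dev/snutt-timetable-batch` and `snutt-prod/snutt-timetable-batch`. The `dockerfile` input definition is cut off by the hunk boundary; `_deploy-native.yml` expands it directly into the `docker build` script as `-f ${{ inputs.dockerfile }}`, so it deserves the same restriction.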