106 changes: 64 additions & 42 deletions .github/workflows/terraform-apply.yml
@@ -4,14 +4,14 @@ name: PinHouse Terraform Apply 파이프라인
on:
workflow_dispatch:
inputs:
environment:
description: "적용할 환경을 선택합니다. dev, staging, prod 중 하나를 사용합니다."
target:
description: "적용할 대상을 선택합니다. all을 선택하면 dev와 prod를 병렬로 적용합니다."
required: true
type: choice
options:
- dev
- staging
- prod
- all
Comment on lines +7 to +14
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "terraform/environments 아래 환경 디렉터리:"
find terraform/environments -mindepth 1 -maxdepth 1 -type d | sort

echo
echo "terraform-apply.yml의 대상 옵션과 환경 매핑:"
sed -n '1,70p' .github/workflows/terraform-apply.yml

echo
echo "staging 관련 참조:"
rg -n -C2 'staging|PinHouse_staging' .github/workflows/terraform-apply.yml

Repository: PinHouse/PinHouse_CLOUD

Length of output: 2242


The staging environment has been removed entirely. Please confirm whether this is intended in this PR.

  • The terraform/environments/ directory has no staging (only dev and prod exist)
  • The workflow input options have no staging choice
  • There are no staging references anywhere in the workflow

If staging is an environment that should remain supported, both the directory and the workflow logic need to be restored.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/terraform-apply.yml around lines 7 - 14, The workflow
removed the staging target option while the repo no longer has
terraform/environments/staging; confirm whether staging should be supported and
if so restore the staging environment folder and all workflow logic: add
"staging" back to the workflow input choices under the "target" input (options
list), and reintroduce any staging-specific branches/steps that reference
terraform/environments/staging; if staging is intentionally removed, reply
confirming deletion and ensure no remaining code references "staging" in the
workflow or terraform paths so the workflow input options and any conditional
logic (the "target" input and related steps) are consistent with only "dev" and
"prod".

confirm:
description: '"apply"를 입력해야 실제 적용이 진행됩니다.'
required: true
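Review bot: with the new `target` input, choosing `all` fans a single dispatch out to dev and prod, and the one `confirm` value ("apply") covers both, so the only prod-specific gate left in the workflow is whatever protection rules the PinHouse_prod GitHub Environment enforces. If production is meant to require a deliberate, separate action, either drop `all` or add a prod-specific confirmation input, and say in the `target` description that `all` includes production.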
@@ -22,18 +22,50 @@ permissions:
contents: read
id-token: write

env:
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
TERRAFORM_STATE_BUCKET: ${{ secrets.TERRAFORM_STATE_BUCKET }}
TERRAFORM_TFVARS_DEV: ${{ secrets.TERRAFORM_TFVARS_DEV }}
TERRAFORM_TFVARS_PROD: ${{ secrets.TERRAFORM_TFVARS_PROD }}

jobs:
prepare-matrix:
name: 적용 대상 준비
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.prepare.outputs.matrix }}

steps:
- name: 적용 대상 Matrix 생성
id: prepare
run: |
case "${{ github.event.inputs.target }}" in
dev)
MATRIX='[{"terraform_environment":"dev","github_environment":"PinHouse_dev"}]'
;;
prod)
MATRIX='[{"terraform_environment":"prod","github_environment":"PinHouse_prod"}]'
;;
all)
MATRIX='[{"terraform_environment":"dev","github_environment":"PinHouse_dev"},{"terraform_environment":"prod","github_environment":"PinHouse_prod"}]'
;;
*)
echo "오류: 지원하지 않는 대상입니다: ${{ github.event.inputs.target }}"
exit 1
;;
esac

echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT"

terraform-apply:
name: Apply - ${{ github.event.inputs.environment }}
name: Apply - ${{ matrix.terraform_environment }}
runs-on: ubuntu-latest
environment: ${{ github.event.inputs.environment }}
needs: prepare-matrix
if: needs.prepare-matrix.outputs.matrix != ''
strategy:
fail-fast: false
matrix:
include: ${{ fromJson(needs.prepare-matrix.outputs.matrix) }}
environment: ${{ matrix.github_environment }}
env:
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
TERRAFORM_STATE_BUCKET: ${{ secrets.TERRAFORM_STATE_BUCKET }}
TERRAFORM_TFVARS: ${{ secrets.TERRAFORM_TFVARS }}

steps:
- name: 적용 확인 값 검증
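Review bot: in the `적용 대상 Matrix 생성` step the dispatch input is expanded directly into the shell script (`case "${{ github.event.inputs.target }}" in`, and again inside the error message). The `choice` type restricts it to dev/prod/all today, but the defensive pattern is to pass it through an environment variable (`env: TARGET: ${{ inputs.target }}`) and branch on `"$TARGET"`, so a later change of the input type cannot turn the value into shell code. Also, `fail-fast: false` combined with target `all` lets the prod apply run to completion even when the dev apply fails; if dev is meant to gate prod, that needs an explicit job dependency rather than two matrix entries. The `if: needs.prepare-matrix.outputs.matrix != ''` guard is redundant, since the prepare step already exits 1 on an unknown target and the dependent job is then skipped.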
@@ -63,91 +95,81 @@ jobs:
- name: State 버킷 변수 확인
run: |
if [ -z "${{ env.TERRAFORM_STATE_BUCKET }}" ]; then
echo "오류: GitHub Secrets에 TERRAFORM_STATE_BUCKET을 설정해야 합니다."
echo "오류: GitHub Environment Secret TERRAFORM_STATE_BUCKET을 설정해야 합니다."
exit 1
fi

- name: Terraform 초기화
id: init
working-directory: terraform/environments/${{ github.event.inputs.environment }}
working-directory: terraform/environments/${{ matrix.terraform_environment }}
run: |
terraform init \
-backend-config="bucket=${{ env.TERRAFORM_STATE_BUCKET }}" \
-backend-config="prefix=terraform/${{ github.event.inputs.environment }}/state"
-backend-config="prefix=terraform/${{ matrix.terraform_environment }}/state"

- name: Terraform tfvars 복원
id: tfvars
working-directory: terraform/environments/${{ github.event.inputs.environment }}
working-directory: terraform/environments/${{ matrix.terraform_environment }}
run: |
case "${{ github.event.inputs.environment }}" in
prod)
TFVARS_CONTENT="${TERRAFORM_TFVARS_PROD}"
SECRET_NAME="TERRAFORM_TFVARS_PROD"
;;
*)
echo "오류: 지원하지 않는 환경입니다: ${{ github.event.inputs.environment }}"
exit 1
;;
esac

if [ -z "${TFVARS_CONTENT}" ]; then
echo "오류: GitHub Secret ${SECRET_NAME}를 설정해야 합니다."
if [ -z "${TERRAFORM_TFVARS}" ]; then
echo "오류: GitHub Environment Secret TERRAFORM_TFVARS를 설정해야 합니다."
exit 1
fi

printf '%s\n' "${TFVARS_CONTENT}" > terraform.tfvars
printf '%s\n' "${TERRAFORM_TFVARS}" > terraform.tfvars
chmod 600 terraform.tfvars

- name: Terraform Plan 실행
id: plan
working-directory: terraform/environments/${{ github.event.inputs.environment }}
working-directory: terraform/environments/${{ matrix.terraform_environment }}
run: |
terraform plan -no-color -out=tfplan
terraform show -no-color tfplan > plan_output.txt

- name: Plan 결과 업로드
uses: actions/upload-artifact@v4
with:
name: tfplan-${{ github.event.inputs.environment }}-${{ github.run_number }}
name: tfplan-${{ matrix.terraform_environment }}-${{ github.run_number }}
path: |
terraform/environments/${{ github.event.inputs.environment }}/tfplan
terraform/environments/${{ github.event.inputs.environment }}/plan_output.txt
terraform/environments/${{ matrix.terraform_environment }}/tfplan
terraform/environments/${{ matrix.terraform_environment }}/plan_output.txt

- name: Terraform Apply 실행
id: apply
working-directory: terraform/environments/${{ github.event.inputs.environment }}
working-directory: terraform/environments/${{ matrix.terraform_environment }}
run: |
terraform apply -auto-approve tfplan 2>&1 | tee apply_output.txt

- name: Apply 출력 업로드
uses: actions/upload-artifact@v4
if: always()
with:
name: tfapply-${{ github.event.inputs.environment }}-${{ github.run_number }}
path: terraform/environments/${{ github.event.inputs.environment }}/apply_output.txt
name: tfapply-${{ matrix.terraform_environment }}-${{ github.run_number }}
path: terraform/environments/${{ matrix.terraform_environment }}/apply_output.txt

- name: 배포 요약 생성
if: always()
run: |
echo "## Terraform Apply 요약 - ${{ github.event.inputs.environment }}" >> $GITHUB_STEP_SUMMARY
echo "## Terraform Apply 요약 - ${{ matrix.terraform_environment }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**환경:** ${{ github.event.inputs.environment }}" >> $GITHUB_STEP_SUMMARY
echo "**환경:** ${{ matrix.terraform_environment }}" >> $GITHUB_STEP_SUMMARY
echo "**GitHub Environment:** ${{ matrix.github_environment }}" >> $GITHUB_STEP_SUMMARY
echo "**실행 결과:** ${{ steps.apply.outcome }}" >> $GITHUB_STEP_SUMMARY
echo "**실행 사용자:** @${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
echo "**커밋 SHA:** ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

if [ -f terraform/environments/${{ github.event.inputs.environment }}/apply_output.txt ]; then
if [ -f terraform/environments/${{ matrix.terraform_environment }}/apply_output.txt ]; then
echo "<details><summary>Apply 출력 보기</summary>" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
cat terraform/environments/${{ github.event.inputs.environment }}/apply_output.txt >> $GITHUB_STEP_SUMMARY
cat terraform/environments/${{ matrix.terraform_environment }}/apply_output.txt >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "</details>" >> $GITHUB_STEP_SUMMARY
Comment on lines 150 to 168
⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find . -name "terraform-apply.yml" -o -name "*terraform*apply*" | grep -E "\.(yml|yaml)$" | head -20

Repository: PinHouse/PinHouse_CLOUD

Length of output: 106


🏁 Script executed:

if [ -f ".github/workflows/terraform-apply.yml" ]; then
  echo "File found"
  wc -l ".github/workflows/terraform-apply.yml"
else
  find . -type f -name "*terraform*apply*"
fi

Repository: PinHouse/PinHouse_CLOUD

Length of output: 119


🏁 Script executed:

sed -n '150,168p' ".github/workflows/terraform-apply.yml"

Repository: PinHouse/PinHouse_CLOUD

Length of output: 1213


🏁 Script executed:

# Web search to verify the shellcheck warning codes
# Check the definitions of SC2086 and SC2129

Repository: PinHouse/PinHouse_CLOUD

Length of output: 49


🌐 Web query:

shellcheck SC2086 SC2129

💡 Result:

ShellCheck warnings SC2086 and SC2129 are from the official ShellCheck wiki. SC2086: Double quote to prevent globbing and word splitting. It warns when variables or parameters are unquoted in command contexts, like echo $1 or for i in $*, which can cause unexpected word splitting and glob expansion. Fix by quoting: echo "$1", for i in "$@". Exceptions include intentional splitting using arrays or set -f; IFS=''. Use arrays for command options. SC2129: Consider using { cmd1; cmd2; } >> file instead of individual redirects. It suggests grouping multiple commands with the same >> redirect for efficiency (file opened once). Problematic: echo foo >> file; date >> file. Correct: { echo foo; date; } >> file. Stylistic; can ignore, but improves performance.


Please clean up the $GITHUB_STEP_SUMMARY redirections.

In this block several echo commands are each redirected individually to the same file. Grouping them in braces so the file is opened only once, and quoting the path and the variable, is safer. Quote the $GITHUB_STEP_SUMMARY variable and the terraform/environments/${{ matrix.terraform_environment }}/apply_output.txt path.

Example fix
-          echo "## Terraform Apply 요약 - ${{ matrix.terraform_environment }}" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "**환경:** ${{ matrix.terraform_environment }}" >> $GITHUB_STEP_SUMMARY
-          echo "**GitHub Environment:** ${{ matrix.github_environment }}" >> $GITHUB_STEP_SUMMARY
-          echo "**실행 결과:** ${{ steps.apply.outcome }}" >> $GITHUB_STEP_SUMMARY
-          echo "**실행 사용자:** @${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
-          echo "**커밋 SHA:** ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          if [ -f terraform/environments/${{ matrix.terraform_environment }}/apply_output.txt ]; then
-            echo "<details><summary>Apply 출력 보기</summary>" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo '```' >> $GITHUB_STEP_SUMMARY
-            cat terraform/environments/${{ matrix.terraform_environment }}/apply_output.txt >> $GITHUB_STEP_SUMMARY
-            echo '```' >> $GITHUB_STEP_SUMMARY
-            echo "</details>" >> $GITHUB_STEP_SUMMARY
-          fi
+          {
+            echo "## Terraform Apply 요약 - ${{ matrix.terraform_environment }}"
+            echo ""
+            echo "**환경:** ${{ matrix.terraform_environment }}"
+            echo "**GitHub Environment:** ${{ matrix.github_environment }}"
+            echo "**실행 결과:** ${{ steps.apply.outcome }}"
+            echo "**실행 사용자:** @${{ github.actor }}"
+            echo "**커밋 SHA:** ${{ github.sha }}"
+            echo ""
+
+            if [ -f "terraform/environments/${{ matrix.terraform_environment }}/apply_output.txt" ]; then
+              echo "<details><summary>Apply 출력 보기</summary>"
+              echo ""
+              echo '```'
+              cat "terraform/environments/${{ matrix.terraform_environment }}/apply_output.txt"
+              echo '```'
+              echo "</details>"
+            fi
+          } >> "$GITHUB_STEP_SUMMARY"
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/terraform-apply.yml around lines 150 - 168, Multiple echo
commands append separately to $GITHUB_STEP_SUMMARY; group them into a single
redirected block and quote variables/paths to avoid word-splitting and globbing.
Replace the series of echo and cat >> $GITHUB_STEP_SUMMARY with a grouped block
using { ... } >> "$GITHUB_STEP_SUMMARY", and quote "$GITHUB_STEP_SUMMARY" and
the path "terraform/environments/${{ matrix.terraform_environment
}}/apply_output.txt"; keep the inner logic (the if check for the
apply_output.txt file, the details/summary wrapper, and the code fence)
unchanged but remove per-line redirections.

fi

- name: 실패 시 워크플로우 종료
if: failure()
run: |
echo "::error::${{ github.event.inputs.environment }} 환경 Terraform apply 실행에 실패했습니다."
echo "::error::${{ matrix.terraform_environment }} 환경 Terraform apply 실행에 실패했습니다."
exit 1
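Review bot: the `Plan 결과 업로드` step uploads `tfplan` as a workflow artifact, and a saved Terraform plan embeds the values of all input variables, i.e. the contents of the `terraform.tfvars` that the preceding step just restored from the `TERRAFORM_TFVARS` secret (marking a variable `sensitive` only redacts it in `terraform show` output, not in the plan file). Anyone with read access to the repository's Actions runs can download that artifact for the retention period, so either drop `tfplan` from the upload and keep only `plan_output.txt`, or at least set a short `retention-days` on it. Minor: `printf ... > terraform.tfvars` followed by `chmod 600` leaves a brief window with default permissions; `(umask 077; printf '%s\n' "${TERRAFORM_TFVARS}" > terraform.tfvars)` creates the file 0600 from the start.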
21 changes: 13 additions & 8 deletions .github/workflows/terraform-plan.yml
@@ -24,6 +24,7 @@ jobs:
GCP_WORKLOAD_IDENTITY_PROVIDER: ""
GCP_SERVICE_ACCOUNT: ""
TERRAFORM_STATE_BUCKET: ""
TERRAFORM_TFVARS_DEV: ""
TERRAFORM_TFVARS_PROD: ""
outputs:
environments: ${{ steps.detect.outputs.environments || '[]' }}
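Review bot: the empty placeholder added here is named TERRAFORM_TFVARS_DEV (next to TERRAFORM_TFVARS_PROD), but the terraform-plan job in this same file now reads a single environment secret, TERRAFORM_TFVARS. If these placeholders exist to keep the env keys consistent across jobs, rename them to match (the same applies to the second placeholder block further down in this file); otherwise they are dead names that will mislead the next reader.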
@@ -45,11 +46,16 @@ jobs:

# 변경된 환경 목록을 배열로 수집합니다.
ENVIRONMENTS=()
if echo "$CHANGED_FILES" | grep -q "terraform/environments/dev/"; then
ENVIRONMENTS+=("dev")
fi

if echo "$CHANGED_FILES" | grep -q "terraform/environments/prod/"; then
ENVIRONMENTS+=("prod")
fi

if echo "$CHANGED_FILES" | grep -q "terraform/modules/"; then
ENVIRONMENTS+=("dev")
ENVIRONMENTS+=("prod")
fi

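Review bot: the `grep -q "terraform/environments/dev/"` and `grep -q "terraform/environments/prod/"` checks are unanchored substring matches, so (assuming CHANGED_FILES holds one repository-relative path per line, as the surrounding code implies) a change to something like docs/terraform/environments/dev/README.md would also schedule a plan for dev. Anchor them to the start of the line, e.g. `grep -q '^terraform/environments/dev/'`, and likewise for prod and `^terraform/modules/`.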
@@ -73,6 +79,7 @@ jobs:
GCP_WORKLOAD_IDENTITY_PROVIDER: ""
GCP_SERVICE_ACCOUNT: ""
TERRAFORM_STATE_BUCKET: ""
TERRAFORM_TFVARS_DEV: ""
TERRAFORM_TFVARS_PROD: ""

steps:
@@ -99,11 +106,12 @@ jobs:
runs-on: ubuntu-22.04
needs: detect-changes
if: (needs.detect-changes.outputs.environments || '[]') != '[]' # 변경된 환경이 있을 때만 실행합니다.
environment: ${{ matrix.environment == 'dev' && 'PinHouse_dev' || matrix.environment == 'prod' && 'PinHouse_prod' }}
env:
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
TERRAFORM_STATE_BUCKET: ${{ secrets.TERRAFORM_STATE_BUCKET }}
TERRAFORM_TFVARS_PROD: ${{ secrets.TERRAFORM_TFVARS_PROD }}
TERRAFORM_TFVARS: ${{ secrets.TERRAFORM_TFVARS }}
strategy:
fail-fast: false # 한 환경 실패가 다른 환경 확인을 막지 않도록 유지합니다.
matrix:
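Review bot: the `environment:` expression `matrix.environment == 'dev' && 'PinHouse_dev' || matrix.environment == 'prod' && 'PinHouse_prod'` yields the boolean `false` for any other matrix value, so an environment added to detect-changes without updating this line would run under an environment name that resolves to false rather than failing, with none of the protection rules or the TERRAFORM_TFVARS secret of the intended GitHub Environment. terraform-apply.yml in this PR already carries the mapping as a `github_environment` matrix field; emitting the same field from detect-changes would give both workflows one source of truth. Minor: this job pins `ubuntu-22.04` while terraform-apply.yml uses `ubuntu-latest`.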
@@ -140,7 +148,7 @@ jobs:
id: state-bucket
run: |
if [ -z "${{ env.TERRAFORM_STATE_BUCKET }}" ]; then
echo "오류: GitHub Secrets에 TERRAFORM_STATE_BUCKET을 설정해야 합니다."
echo "오류: GitHub Environment Secret TERRAFORM_STATE_BUCKET을 설정해야 합니다."
exit 1
fi

@@ -158,15 +166,12 @@ jobs:
if: steps.init.outcome == 'success'
working-directory: terraform/environments/${{ matrix.environment }}
run: |
TFVARS_CONTENT="${TERRAFORM_TFVARS_PROD}"
SECRET_NAME="TERRAFORM_TFVARS_PROD"

if [ -z "${TFVARS_CONTENT}" ]; then
echo "오류: GitHub Secret ${SECRET_NAME}를 설정해야 합니다."
if [ -z "${TERRAFORM_TFVARS}" ]; then
echo "오류: GitHub Environment Secret TERRAFORM_TFVARS를 설정해야 합니다."
exit 1
fi

printf '%s\n' "${TFVARS_CONTENT}" > terraform.tfvars
printf '%s\n' "${TERRAFORM_TFVARS}" > terraform.tfvars
chmod 600 terraform.tfvars

- name: Terraform 유효성 검사
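Review bot: `printf '%s\n' "${TERRAFORM_TFVARS}" > terraform.tfvars` followed by `chmod 600` creates the file with the runner's default umask first and only then tightens it; running it as `(umask 077; printf '%s\n' "${TERRAFORM_TFVARS}" > terraform.tfvars)` creates it 0600 from the start and makes the separate chmod unnecessary.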
41 changes: 41 additions & 0 deletions k8s-argocd/applications/dev/app.yaml
@@ -0,0 +1,41 @@
# ===================================
# Dev App Root
# ===================================

apiVersion: argoproj.io/v1alpha1
kind: Application

# 기본 정보
metadata:
name: app-root-dev
namespace: argocd
labels:
pinhouse.co.kr/environment: dev
pinhouse.co.kr/component: app
finalizers:
- resources-finalizer.argocd.argoproj.io

# 스펙
spec:
project: default

# Git 저장소에서 관리하는 매니페스트 경로입니다.
source:
repoURL: https://github.com/PinHouse/PinHouse_CLOUD
targetRevision: main
path: k8s-argocd/applications/dev/app
directory:
recurse: false

# 배포 대상 클러스터와 네임스페이스입니다.
destination:
server: https://kubernetes.default.svc
namespace: argocd

# Git 기준으로 자동 동기화합니다.
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
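Review bot: the root Application uses `project: default`, which in Argo CD permits any source repository and any destination cluster/namespace, and its automated sync with `prune: true` means that deleting a child manifest under k8s-argocd/applications/dev/app removes that child Application (and, through its resources-finalizer, the workloads it manages). Consider a dedicated AppProject whose `sourceRepos` is limited to https://github.com/PinHouse/PinHouse_CLOUD and whose `destinations` cover only what dev needs, so this root cannot be used to register applications anywhere else.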
50 changes: 50 additions & 0 deletions k8s-argocd/applications/dev/app/backend.yaml
@@ -0,0 +1,50 @@
# ===================================
# Dev Backend
# ===================================

apiVersion: argoproj.io/v1alpha1
kind: Application

# 기본 정보
metadata:
name: backend-dev
namespace: argocd
labels:
pinhouse.co.kr/environment: dev
pinhouse.co.kr/image-updater: enabled
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
argocd-image-updater.argoproj.io/image-list: asia-northeast3-docker.pkg.dev/dev-pinhouse/pinhouse-dev-be/pinhouse-server
argocd-image-updater.argoproj.io/backend.update-strategy: newest-build
argocd-image-updater.argoproj.io/backend.allow-tags: regexp:^[0-9]{8}_[0-9]{6}-[a-f0-9]{7}$
argocd-image-updater.argoproj.io/backend.kustomize.image-name: REPLACE_ME
Comment on lines +18 to +21
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Please confirm from the official documentation whether, when using alias-based annotations such as argocd-image-updater.argoproj.io/<alias>.update-strategy in Argo CD Image Updater, the alias must be declared in image-list in the <alias>= form.

💡 Result:

Yes. In Argo CD Image Updater's legacy annotation-based configuration (mainly the v0.x versions), using alias-based annotations such as argocd-image-updater.argoproj.io/<alias>.update-strategy requires the alias to be declared in the image-list annotation in the <alias>=<image> form. According to the official documentation:

  • image-list has the form [<alias_name>=]<image_path>[:<version_constraint>]; the alias is optional, but to use alias-based annotations (e.g. <alias>.update-strategy, <alias>.allow-tags) the alias must be assigned explicitly in image-list. (Source: Images configuration docs)
  • "Assigning an alias name to an image is necessary in these scenarios: ... If you want to set custom options for a given image's update strategy" (Source: https://argocd-image-updater.readthedocs.io/en/registry-scanner-release-0.2/configuration/images/)
  • "It is generally recommended to set aliases for each of your images. Many of the features depend on an alias being set, and aliases might become a strict requirement in the future." (same source)

If only the image is specified without an alias (e.g. image-list: some/image), the default update-strategy annotation (the form without an alias) applies, but <alias>.update-strategy can only be referenced when the alias is defined in image-list. In the CRD-based configuration from v1.x onward, annotations are not used; the images[].alias field of the ImageUpdater CR is used instead.


Add the alias mapping to the image-list annotation

Lines 19-21 use alias-based annotations such as backend.update-strategy, backend.allow-tags and backend.kustomize.image-name, but the image-list on line 18 has no backend= mapping. According to the official Argo CD Image Updater documentation, using alias-based annotations requires the alias to be declared explicitly in image-list. As it stands, these options are not applied, so automatic image updates will not work correctly.

Suggested fix
-    argocd-image-updater.argoproj.io/image-list: asia-northeast3-docker.pkg.dev/dev-pinhouse/pinhouse-dev-be/pinhouse-server
+    argocd-image-updater.argoproj.io/image-list: backend=asia-northeast3-docker.pkg.dev/dev-pinhouse/pinhouse-dev-be/pinhouse-server
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@k8s-argocd/applications/dev/app/backend.yaml` around lines 18 - 21, The
argocd-image-updater annotations use an alias ("backend") but
argocd-image-updater.argoproj.io/image-list currently lacks the alias mapping;
update the image-list annotation to include the alias mapping for backend (e.g.,
add
"backend=asia-northeast3-docker.pkg.dev/dev-pinhouse/pinhouse-dev-be/pinhouse-server")
so the backend.update-strategy, backend.allow-tags and
backend.kustomize.image-name annotations apply correctly to that image alias.

argocd-image-updater.argoproj.io/write-back-method: git
argocd-image-updater.argoproj.io/git-branch: main

notifications.argoproj.io/subscribe.on-sync-running.backend-nonprod: ""
notifications.argoproj.io/subscribe.on-deployed.backend-nonprod: ""
notifications.argoproj.io/subscribe.on-sync-failed.backend-nonprod: ""
notifications.argoproj.io/subscribe.on-health-degraded.backend-nonprod: ""
Comment on lines +25 to +28
⚠️ Potential issue | 🟡 Minor

The nonprod name remains in the notification subscription keys

Lines 25-28 use backend-nonprod, which is inconsistent with this PR's cleanup of the dev naming. Unless this is an intentional leftover, it is safer to standardize on backend-dev.

Suggested fix
-    notifications.argoproj.io/subscribe.on-sync-running.backend-nonprod: ""
-    notifications.argoproj.io/subscribe.on-deployed.backend-nonprod: ""
-    notifications.argoproj.io/subscribe.on-sync-failed.backend-nonprod: ""
-    notifications.argoproj.io/subscribe.on-health-degraded.backend-nonprod: ""
+    notifications.argoproj.io/subscribe.on-sync-running.backend-dev: ""
+    notifications.argoproj.io/subscribe.on-deployed.backend-dev: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.backend-dev: ""
+    notifications.argoproj.io/subscribe.on-health-degraded.backend-dev: ""
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@k8s-argocd/applications/dev/app/backend.yaml` around lines 25 - 28,
Annotations notifications.argoproj.io/subscribe.* currently reference the stale
suffix "backend-nonprod"; update each subscription key
(notifications.argoproj.io/subscribe.on-sync-running.backend-nonprod,
notifications.argoproj.io/subscribe.on-deployed.backend-nonprod,
notifications.argoproj.io/subscribe.on-sync-failed.backend-nonprod,
notifications.argoproj.io/subscribe.on-health-degraded.backend-nonprod) to use
"backend-dev" so the annotation keys match the dev naming convention in this PR.


spec:
project: default

# Git 저장소에서 관리하는 매니페스트 경로입니다.
source:
repoURL: https://github.com/PinHouse/PinHouse_CLOUD
targetRevision: main
path: k8s-kustomize/overlays/dev/backend

# 배포 대상 클러스터와 네임스페이스입니다.
destination:
server: https://kubernetes.default.svc
namespace: dev-app

# Git 기준으로 자동 동기화합니다.
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
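Review bot: `argocd-image-updater.argoproj.io/backend.kustomize.image-name: REPLACE_ME` is a placeholder committed as a live annotation; unless the overlay at k8s-kustomize/overlays/dev/backend really declares an image named REPLACE_ME, the updater will write back an override that nothing in the overlay matches and no rollout will happen. Set it to the image name the overlay's `images:` list actually uses before merging. Separately, `write-back-method: git` with `git-branch: main` gives the updater commit rights on the very branch every Application here tracks; the credential it uses should be a write-scoped deploy key for this repository only, and main's branch protection must allow that identity or the write-backs will fail.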