crone: 깃허브 파이프라인 구축

ImGdevel · ImGdevel · commit d98cd2176abc · 2025-09-04T21:42:43.000+09:00
diff --git a/.github/workflows/dev-ci.yml b/.github/workflows/dev-ci.yml
@@ -0,0 +1,77 @@
+name: Development CI
+
+on:
+  pull_request:
+    branches: [develop]
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+      - 'scripts/**'
+
+env:
+  DOTNET_VERSION: '8.0.x'
+  
+jobs:
+  build-and-test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNET_VERSION }}
+        
+    - name: Cache NuGet packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget-
+          
+    - name: Restore dependencies
+      run: dotnet restore ProjectVG.sln
+      
+    - name: Build solution
+      run: dotnet build ProjectVG.sln --no-restore --configuration Release
+      
+    - name: Run tests
+      run: dotnet test ProjectVG.Tests/ProjectVG.Tests.csproj --no-build --configuration Release --verbosity normal --collect:"XPlat Code Coverage" --logger trx --results-directory coverage
+      
+    - name: Code Coverage Report
+      uses: irongut/CodeCoverageSummary@v1.3.0
+      with:
+        filename: coverage/**/coverage.cobertura.xml
+        badge: true
+        fail_below_min: false
+        format: markdown
+        hide_branch_rate: false
+        hide_complexity: true
+        indicators: true
+        output: both
+        thresholds: '60 80'
+        
+    - name: Add Coverage PR Comment
+      uses: marocchino/sticky-pull-request-comment@v2
+      if: github.event_name == 'pull_request'
+      with:
+        recreate: true
+        path: code-coverage-results.md
+        
+    - name: Publish Test Results
+      uses: dorny/test-reporter@v1
+      if: success() || failure()
+      with:
+        name: Test Results
+        path: coverage/*.trx
+        reporter: dotnet-trx
+        
+    - name: Build Status Check
+      if: failure()
+      run: |
+        echo "❌ Build or tests failed"
+        exit 1
diff --git a/.github/workflows/release-cicd.yml b/.github/workflows/release-cicd.yml
@@ -0,0 +1,154 @@
+name: Release CI/CD
+
+on:
+  pull_request:
+    branches: [release]
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+      - 'scripts/**'
+
+env:
+  DOTNET_VERSION: '8.0.x'
+  DOCKER_IMAGE_NAME: projectvgapi
+  
+jobs:
+  build-and-test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNET_VERSION }}
+        
+    - name: Cache NuGet packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget-
+          
+    - name: Restore dependencies
+      run: dotnet restore ProjectVG.sln
+      
+    - name: Build solution
+      run: dotnet build ProjectVG.sln --no-restore --configuration Release
+      
+    - name: Run tests
+      run: dotnet test ProjectVG.Tests/ProjectVG.Tests.csproj --no-build --configuration Release --verbosity normal --collect:"XPlat Code Coverage" --logger trx --results-directory coverage
+      
+    - name: Code Coverage Report
+      uses: irongut/CodeCoverageSummary@v1.3.0
+      with:
+        filename: coverage/**/coverage.cobertura.xml
+        badge: true
+        fail_below_min: true
+        format: markdown
+        hide_branch_rate: false
+        hide_complexity: true
+        indicators: true
+        output: both
+        thresholds: '70 85'
+        
+    - name: Publish Test Results
+      uses: dorny/test-reporter@v1
+      if: success() || failure()
+      with:
+        name: Release Test Results
+        path: coverage/*.trx
+        reporter: dotnet-trx
+
+  docker-build-push:
+    name: Docker Build and Push
+    runs-on: ubuntu-latest
+    needs: build-and-test
+    if: success()
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+      
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+        
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ secrets.DOCKER_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}
+        tags: |
+          type=ref,event=pr,prefix=pr-
+          type=raw,value=latest,enable={{is_default_branch}}
+          type=sha,prefix={{branch}}-
+          
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: ./ProjectVG.Api/Dockerfile
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        platforms: linux/amd64
+        target: production
+
+  deploy-aws:
+    name: Deploy to AWS
+    runs-on: ubuntu-latest
+    needs: [build-and-test, docker-build-push]
+    if: success()
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ secrets.AWS_REGION }}
+        
+    - name: Extract Docker image tag
+      id: image-tag
+      run: |
+        echo "tag=${{ secrets.DOCKER_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:pr-${{ github.event.number }}" >> $GITHUB_OUTPUT
+        
+    # ECS 배포 예시 (필요시 수정)
+    - name: Deploy to ECS
+      run: |
+        # ECS 서비스 업데이트 (실제 클러스터명, 서비스명으로 수정 필요)
+        aws ecs update-service \
+          --cluster projectvg-cluster \
+          --service projectvg-api-service \
+          --task-definition projectvg-api-task \
+          --force-new-deployment
+          
+        echo "✅ Deployment initiated to AWS ECS"
+        echo "🐳 Docker Image: ${{ steps.image-tag.outputs.tag }}"
+        
+    # 또는 EC2/EKS 배포 예시
+    # - name: Deploy to EC2/EKS
+    #   run: |
+    #     # 여기에 실제 배포 스크립트 작성
+    #     echo "Deploying to EC2/EKS..."
+        
+    - name: Deployment Status
+      run: |
+        echo "🚀 Release deployment completed successfully!"
+        echo "📦 Image: ${{ steps.image-tag.outputs.tag }}"
+        echo "🌍 Region: ${{ secrets.AWS_REGION }}"
diff --git a/docs/github-secrets-setup.md b/docs/github-secrets-setup.md
@@ -0,0 +1,161 @@
+# GitHub Secrets 설정 가이드
+
+이 문서는 ProjectVG CI/CD 파이프라인을 위한 GitHub Secrets 설정 방법을 안내합니다.
+
+## GitHub Secrets 설정 방법
+
+1. GitHub 저장소로 이동
+2. `Settings` 탭 클릭
+3. 좌측 메뉴에서 `Secrets and variables` → `Actions` 선택
+4. `New repository secret` 버튼 클릭
+
+## 필수 Secrets 목록
+
+### 🐳 Docker Hub 관련
+```
+DOCKER_USERNAME
+- 설명: Docker Hub 사용자명
+- 예시: your-dockerhub-username
+
+DOCKER_PASSWORD
+- 설명: Docker Hub 액세스 토큰 또는 비밀번호
+- 참고: Docker Hub → Account Settings → Security → New Access Token
+```
+
+### ☁️ AWS 배포 관련
+```
+AWS_ACCESS_KEY_ID
+- 설명: AWS IAM 사용자의 액세스 키 ID
+- 예시: AKIA1234567890EXAMPLE
+
+AWS_SECRET_ACCESS_KEY
+- 설명: AWS IAM 사용자의 시크릿 액세스 키
+- 예시: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+
+AWS_REGION
+- 설명: AWS 리전
+- 예시: ap-northeast-2
+```
+
+### 🔐 애플리케이션 환경 변수 (선택사항)
+운영 환경에서 다른 값이 필요한 경우에만 설정:
+
+```
+JWT_SECRET_KEY
+- 설명: JWT 토큰 서명용 시크릿 키 (최소 32자)
+- 예시: your-super-secret-jwt-key-here-minimum-32-characters
+
+GOOGLE_OAUTH_CLIENT_ID
+- 설명: Google OAuth2 클라이언트 ID
+- 예시: 1234567890-abcdefghijklmnopqrstuvwxyz123456.apps.googleusercontent.com
+
+GOOGLE_OAUTH_CLIENT_SECRET
+- 설명: Google OAuth2 클라이언트 시크릿
+- 예시: GOCSPX-abcdefghijklmnopqrstuvwxyz123456
+
+DB_CONNECTION_STRING
+- 설명: 운영 데이터베이스 연결 문자열
+- 예시: Server=prod-db.amazonaws.com,1433;Database=ProjectVG;User Id=admin;Password=SecurePassword123!;TrustServerCertificate=true;
+
+REDIS_CONNECTION_STRING
+- 설명: Redis 연결 문자열
+- 예시: prod-redis.amazonaws.com:6379
+
+LLM_BASE_URL
+- 설명: LLM 서비스 기본 URL
+- 예시: https://api.llm-service.com
+
+MEMORY_BASE_URL
+- 설명: Memory 서비스 기본 URL
+- 예시: https://api.memory-service.com
+
+TTS_API_KEY
+- 설명: TTS 서비스 API 키
+- 예시: sk-1234567890abcdefghijklmnopqrstuvwxyz
+```
+
+## AWS IAM 권한 설정
+
+AWS 배포를 위한 IAM 사용자에게 다음 권한이 필요합니다:
+
+### ECS 배포 시 필요 권한
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ecs:UpdateService",
+                "ecs:DescribeServices",
+                "ecs:DescribeTasks",
+                "ecs:ListTasks",
+                "ecs:RegisterTaskDefinition",
+                "ecs:DescribeTaskDefinition"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "iam:PassRole"
+            ],
+            "Resource": "arn:aws:iam::*:role/ecsTaskExecutionRole"
+        }
+    ]
+}
+```
+
+### EC2/EKS 배포 시 필요 권한 (해당하는 경우)
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeInstances",
+                "eks:DescribeCluster",
+                "eks:UpdateClusterConfig"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
+## 보안 주의사항
+
+1. **최소 권한 원칙**: 필요한 최소한의 권한만 부여
+2. **액세스 키 로테이션**: 정기적으로 AWS 액세스 키 교체
+3. **Docker 토큰**: Docker Hub 비밀번호 대신 액세스 토큰 사용 권장
+4. **환경별 분리**: 개발/스테이징/운영 환경별로 다른 값 사용
+
+## 설정 확인 방법
+
+1. Pull Request를 `develop` 브랜치로 생성하여 CI 동작 확인
+2. Pull Request를 `release` 브랜치로 생성하여 CI/CD 전체 과정 확인
+3. GitHub Actions 탭에서 워크플로우 실행 결과 확인
+
+## 문제 해결
+
+### 자주 발생하는 오류
+
+1. **Docker login 실패**
+   - `DOCKER_USERNAME`, `DOCKER_PASSWORD` 값 확인
+   - Docker Hub 액세스 토큰 권한 확인
+
+2. **AWS 배포 실패**
+   - AWS 자격 증명 확인
+   - IAM 권한 확인
+   - 리소스명(클러스터, 서비스) 확인
+
+3. **테스트 실패**
+   - 테스트 코드 자체 문제일 수 있음
+   - 로컬에서 `dotnet test` 실행하여 확인
+
+## 추가 정보
+
+- [GitHub Secrets 공식 문서](https://docs.github.com/en/actions/security-guides/encrypted-secrets)
+- [Docker Hub 액세스 토큰 생성](https://docs.docker.com/docker-hub/access-tokens/)
+- [AWS IAM 권한 설정](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
