@@ -6,11 +6,12 @@ on:
- "develop"
paths:
- 'api-owner/**'
- 'domain/**'
- 'domain-redis/**'
- 'domain-common/**'
- 'infra-redis/**'
- 'infra-kafka/**'
- 'build.gradle'
- 'settings.gradle'
- '.github/workflows/Dev_Owner_CD.yml'
- 'Dev_API_Owner_CD.yml'

permissions:
contents: read
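Review bot: the added trigger path 'Dev_API_Owner_CD.yml' (last entry in the paths list) is a bare filename, so it only matches a file at the repository root; the workflow lives under .github/workflows/, which is the form the existing '.github/workflows/Dev_Owner_CD.yml' entry already uses. Either drop the bare entry or replace it with '.github/workflows/Dev_API_Owner_CD.yml', and if this workflow file was itself renamed as part of the api-owner rename, retire the stale Dev_Owner_CD.yml entry so that edits to the workflow still trigger a run.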
@@ -65,7 +66,7 @@ jobs:

deploy:
needs: build
runs-on: dev-owner
runs-on: dev-api-owner

steps:
- name: Download artifact file
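Review bot: runs-on changes from dev-owner to dev-api-owner, which is a self-hosted runner label, not a GitHub-hosted one; a job whose label matches no registered runner does not fail, it waits in the queue indefinitely. Confirm a runner registered with the dev-api-owner label exists before this merges, and deregister or relabel the old dev-owner runner so two machines do not both pick up api-owner deploys.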
@@ -6,11 +6,12 @@ on:
- "develop"
paths:
- 'api-user/**'
- 'domain/**'
- 'domain-redis/**'
- 'domain-common/**'
- 'infra-redis/**'
- 'infra-kafka/**'
Comment on lines +9 to +11

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

The path trigger change needs to be checked against the actual module dependencies.

The workflow trigger changed from the domain/** and domain-redis/** patterns to domain-common/**, infra-redis/**, infra-kafka/**. This appears to follow from the BFF transition, but please confirm the following:

  1. Whether api-user's actual module dependencies include only these three modules (domain-common, infra-redis, infra-kafka)
  2. Whether dependencies on the other former domain/** modules (e.g. domain-user, domain-restaurant, etc.) have been completely removed
  3. Whether the newly added Feign clients or microservice communication require only these modules

Please check the module structure and dependencies with the following script:

🏁 Script executed:

#!/bin/bash
# Description: Verify api-user module dependencies and structure

# Check settings.gradle to see all modules
echo "=== Modules in settings.gradle ==="
rg -n "include|:api-user|:domain|:infra" settings.gradle

# Check build.gradle for api-user dependencies
echo -e "\n=== api-user build.gradle dependencies ==="
fd "^build.gradle$" -x grep -l "api-user" {} \; 2>/dev/null || true
fd -u "^build.gradle$" | xargs grep -l "^include.*api-user" 2>/dev/null || grep -r "project.*api-user" --include="build.gradle" 2>/dev/null | head -5 || true

# List build.gradle files to understand structure
echo -e "\n=== build.gradle files in repository ==="
fd -u "^build.gradle$" | head -10


I need to check the actual dependencies in api-user/build.gradle to verify if the workflow trigger change is appropriate.


🏁 Script executed:

#!/bin/bash
# Extract api-user dependencies from build.gradle

echo "=== api-user/build.gradle dependencies section ==="
grep -A 50 "dependencies" api-user/build.gradle | head -60


Remove domain-common/** from the workflow trigger.

Verification shows that the actual dependencies in api-user/build.gradle include only infra-redis and infra-kafka. It does not depend on any domain module.

Current configuration:

- 'domain-common/**'
- 'infra-redis/**'
- 'infra-kafka/**'

Correct configuration:

- 'infra-redis/**'
- 'infra-kafka/**'

domain-common/** has no actual dependency behind it, so remove it.

🤖 Prompt for AI Agents
.github/workflows/Dev_User_CD.yml around lines 9 to 11 currently includes
'domain-common/**' in the list of paths that trigger the workflow; remove that
entry so the triggers only include the actual dependencies 'infra-redis/**' and
'infra-kafka/**'. Edit the YAML to delete the 'domain-common/**' line, leaving
the two infra entries intact, and save the workflow file to ensure the workflow
no longer triggers on domain-common changes.

- 'build.gradle'
- 'settings.gradle'
- '.github/workflows/Dev_User_CD.yml'
- 'Dev_API_User_CD.yml'

permissions:
contents: read
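Review bot: the last added path, 'Dev_API_User_CD.yml', has no directory prefix and will never match the workflow file under .github/workflows/; the entry just above it, '.github/workflows/Dev_User_CD.yml', shows the form that does match. Drop the bare entry or qualify it, and check whether Dev_User_CD.yml is still this file's name after the api-user rename; the paths filter is the only gate on this deploy, so a stale self-reference means workflow edits ship without a run, while an over-broad one (every entry here triggers a full test, build and deploy) redeploys on commits that never touched api-user.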
@@ -65,7 +66,7 @@ jobs:

deploy:
needs: build
runs-on: dev-user
runs-on: dev-api-user

steps:
- name: Download artifact file
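Review bot: same runner relabel as the owner workflow, dev-user to dev-api-user; confirm a self-hosted runner carrying that label is actually registered, because a mismatched label leaves the deploy job queued with no failure signal. Because this job runs on a long-lived deploy host, also check that the same runner is not offered to any pull_request-triggered workflow in the repository, where code from a fork would execute on the machine that serves the dev user API.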
50 changes: 44 additions & 6 deletions .github/workflows/Dev_CI.yml
@@ -19,20 +19,58 @@ jobs:
TEST_REPORT: true

services:
mysql:
mysql-reservation:
image: mysql:8.0
env:
MYSQL_ROOT_PASSWORD: ""
MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
MYSQL_DATABASE: test
MYSQL_DATABASE: wellmeet_reservation
MYSQL_ROOT_PASSWORD: password

⚠️ Potential issue | 🟠 Major

Security: replace the hardcoded password with GitHub Secrets.

Even though this is a CI environment, hardcoding the same plaintext password (password) for every MySQL service is a security anti-pattern. Use GitHub Actions Secrets, or at minimum change the default value.

-          MYSQL_ROOT_PASSWORD: password
+          MYSQL_ROOT_PASSWORD: ${{ secrets.MYSQL_ROOT_PASSWORD || 'test-password' }}

Or, consistently across all services:

-          MYSQL_ROOT_PASSWORD: password
+          MYSQL_ROOT_PASSWORD: test-password

Also applies to: 39-39, 52-52, 65-65

🤖 Prompt for AI Agents
.github/workflows/Dev_CI.yml lines 26 (and also update the same pattern at lines
39, 52, 65): the workflow hardcodes MYSQL_ROOT_PASSWORD: password; change it to
use a GitHub Actions secret (e.g. MYSQL_ROOT_PASSWORD: ${{
secrets.MYSQL_ROOT_PASSWORD }}), add that secret in the
repository/settings->Secrets and ensure any local CI default is documented in
README if needed; update every occurrence (lines 39, 52, 65) to the same secret
reference so all services use the secret consistently.

ports:
- 3306:3306
options: >-
--health-cmd="mysqladmin ping"
--health-cmd="mysqladmin ping -ppassword"
--health-interval=10s
--health-timeout=5s
--health-retries=3


mysql-member:
image: mysql:8.0
env:
MYSQL_DATABASE: wellmeet_member
MYSQL_ROOT_PASSWORD: password
ports:
- 3307:3306
options: >-
--health-cmd="mysqladmin ping -ppassword"
--health-interval=10s
--health-timeout=5s
--health-retries=3

mysql-owner:
image: mysql:8.0
env:
MYSQL_DATABASE: wellmeet_owner
MYSQL_ROOT_PASSWORD: password
ports:
- 3308:3306
options: >-
--health-cmd="mysqladmin ping -ppassword"
--health-interval=10s
--health-timeout=5s
--health-retries=3

mysql-restaurant:
image: mysql:8.0
env:
MYSQL_DATABASE: wellmeet_restaurant
MYSQL_ROOT_PASSWORD: password
ports:
- 3309:3306
options: >-
--health-cmd="mysqladmin ping -ppassword"
--health-interval=10s
--health-timeout=5s
--health-retries=3

redis:
image: redis:7-alpine
ports:
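Review bot: the four mysql-* service blocks differ only in MYSQL_DATABASE and the host port, yet each repeats MYSQL_ROOT_PASSWORD: password and a health command that embeds the same literal again in -ppassword. mysqladmin ping exits 0 whenever the server answers, including with an access-denied error, so the password in --health-cmd adds nothing to the check and only scatters the credential across four more lines; use the bare --health-cmd="mysqladmin ping" the old block had. Define the root password once (job-level env or a secret) and reference it from every service, and pin image: mysql:8.0 and redis:7-alpine to a digest so the CI databases do not change under a tag move.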
78 changes: 78 additions & 0 deletions .github/workflows/Dev_Discovery_CD.yml
@@ -0,0 +1,78 @@
name: dev-discovery-cd

on:
push:
branches:
- "develop"
paths:
- 'discovery-server/**'
- 'build.gradle'
- 'settings.gradle'
- '.github/workflows/Dev_Discovery_CD.yml'

permissions:
contents: read
checks: write
actions: read
pull-requests: write

jobs:
test:
uses: ./.github/workflows/Dev_CI.yml

build:
needs: test
runs-on: ubuntu-latest

steps:
- name: Checkout Code
uses: actions/checkout@v4

- name: Set up JDK 21
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'

- name: Make gradlew executable
run: chmod +x gradlew

- name: bootJar with Gradle
run: ./gradlew :discovery-server:bootJar --info

- name: Change artifact file name
run: mv discovery-server/build/libs/*.jar discovery-server/build/libs/app.jar

- name: Upload artifact file
uses: actions/upload-artifact@v4
with:
name: app-artifact
path: ./discovery-server/build/libs/app.jar
if-no-files-found: error

- name: Upload deploy scripts
uses: actions/upload-artifact@v4
with:
name: deploy-scripts
path: ./scripts/dev/
if-no-files-found: error

deploy:
needs: build
runs-on: dev-discovery-server

steps:
- name: Download artifact file
uses: actions/download-artifact@v4
with:
name: app-artifact
path: ~/app

- name: Download deploy scripts
uses: actions/download-artifact@v4
with:
name: deploy-scripts
path: ~/app/scripts

- name: Replace application to latest
run: sudo sh ~/app/scripts/replace-new-version.sh
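Review bot: every action in the build and deploy jobs (actions/checkout@v4, actions/setup-java@v4, actions/upload-artifact@v4, actions/download-artifact@v4) is pinned to a mutable major tag, and the final step runs the downloaded deploy-scripts artifact with sudo; a tag move upstream would execute new code on the build runner and, through the artifact, as root on dev-discovery-server. Pin each action to a full commit SHA with the tag in a trailing comment. Also add a concurrency group to this workflow: two pushes to develop in quick succession currently run replace-new-version.sh twice against the same runner, racing on the kill and restart of the service.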
Comment on lines +77 to +78

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Review of sudo usage in the deploy step

Line 78 runs sudo sh ~/app/scripts/replace-new-version.sh. Running a script with sudo privileges is a security-sensitive operation. Please verify the following:

  1. Verify the content and purpose of the replace-new-version.sh script
  2. Confirm access control and tamper protection for the script
  3. Review whether sudo privileges are really required (e.g. binding to ports 80/443, restarting a systemd service, etc.)
  4. Add error handling for failures (currently failures are handled implicitly)

🏁 Script executed:

#!/bin/bash
# Description: Check the deployment script for security and error handling

# Check if the deployment script exists in the repository
if [ -f "scripts/dev/replace-new-version.sh" ]; then
  echo "=== Deployment script found ==="
  echo "Script content:"
  cat scripts/dev/replace-new-version.sh
  echo ""
  echo "=== Script permissions ==="
  ls -la scripts/dev/replace-new-version.sh
else
  echo "Warning: Deployment script scripts/dev/replace-new-version.sh not found in repository"
fi

Length of output: 1042


Security and error-handling verification of the deploy script complete

Verification partially confirmed the concerns raised in the original review comment:

Confirmed issues:

  1. Double sudo usage: the workflow runs the script with sudo sh, and the script then runs sudo nohup java again - unnecessary privilege escalation
  2. Incomplete error handling: only the kill command is checked for errors; there is no handling for the Java application failing to start
  3. Insufficient pre-checks: no verification that the JAR file and the log directory exist
  4. No global error handling: no comprehensive failure handling via set -e or trap

Recommendations:

  • Re-examine the script's sudo usage (specify the privileges needed per step)
  • Confirm whether sudo is needed only for releasing port 8080
  • Verify the JAR file exists and create APP_LOG_DIR right before running Java
  • Add global error handling: set -e or explicit error checks
🤖 Prompt for AI Agents
.github/workflows/Dev_Discovery_CD.yml around lines 77-78: the workflow runs the
deploy script with an extra sudo which combined with the script's internal
sudo/nohup usage causes unnecessary privilege escalation and brittle error
handling; update the workflow/script to avoid double sudo (only escalate where
needed), add global failure handling (set -e or a trap to catch errors and exit
non-zero), ensure the deploy script validates the JAR exists and creates
APP_LOG_DIR before starting, and add explicit checks after kill/port-release and
after attempting to start the Java process to log failures and exit if Java
fails to launch.

79 changes: 79 additions & 0 deletions .github/workflows/Dev_Domain_Member_CD.yml
@@ -0,0 +1,79 @@
name: dev-member-cd

on:
push:
branches:
- "develop"
paths:
- 'domain-member/**'
- 'domain-common/**'
- 'build.gradle'
- 'settings.gradle'
- 'Dev_Domain_Member_CD.yml'

⚠️ Potential issue | 🟠 Major

Trigger path configuration needs fixing

The path on line 12 is set to 'Dev_Domain_Member_CD.yml', but since the workflow file lives in the .github/workflows/ directory, the trigger may not work correctly.

Suggested fix:

-      - 'Dev_Domain_Member_CD.yml'
+      - '.github/workflows/Dev_Domain_Member_CD.yml'

Also applies to: 12-12

🤖 Prompt for AI Agents
.github/workflows/Dev_Domain_Member_CD.yml around line 12: the trigger path is
set to 'Dev_Domain_Member_CD.yml' which may not match because the workflow file
resides in .github/workflows; update the path to include the directory (e.g.
'.github/workflows/Dev_Domain_Member_CD.yml') or use a broader pattern like
'.github/workflows/**' in the workflow's trigger/paths so the event will
correctly match this file.


permissions:
contents: read
checks: write
actions: read
pull-requests: write

jobs:
test:
uses: ./.github/workflows/Dev_CI.yml

build:
needs: test
runs-on: ubuntu-latest

steps:
- name: Checkout Code
uses: actions/checkout@v4

- name: Set up JDK 21
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'

- name: Make gradlew executable
run: chmod +x gradlew

- name: bootJar with Gradle
run: ./gradlew :domain-member:bootJar --info

- name: Change artifact file name
run: mv domain-member/build/libs/*.jar domain-member/build/libs/app.jar

- name: Upload artifact file
uses: actions/upload-artifact@v4
with:
name: app-artifact
path: ./domain-member/build/libs/app.jar
if-no-files-found: error

- name: Upload deploy scripts
uses: actions/upload-artifact@v4
with:
name: deploy-scripts
path: ./scripts/dev/
if-no-files-found: error

deploy:
needs: build
runs-on: dev-domain-member

steps:
- name: Download artifact file
uses: actions/download-artifact@v4
with:
name: app-artifact
path: ~/app

- name: Download deploy scripts
uses: actions/download-artifact@v4
with:
name: deploy-scripts
path: ~/app/scripts

- name: Replace application to latest
run: sudo sh ~/app/scripts/replace-new-version.sh
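Review bot: the 'Change artifact file name' step runs mv domain-member/build/libs/*.jar domain-member/build/libs/app.jar; if the module's jar task is enabled (the Spring Boot default since 2.5), Gradle emits a -plain.jar next to the boot jar and mv refuses to move two files onto one file name, failing the build. Restrict the glob to the boot jar or disable the plain jar in the module build. Separately, the permissions block grants checks: write and pull-requests: write to a push-triggered deploy workflow; unless the reusable Dev_CI.yml needs them to publish test reports, drop them so the deploy token stays read-only.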
79 changes: 79 additions & 0 deletions .github/workflows/Dev_Domain_Owner_CD.yml
@@ -0,0 +1,79 @@
name: dev-owner-domain-cd

on:
push:
branches:
- "develop"
paths:
- 'domain-owner/**'
- 'domain-common/**'
- 'build.gradle'
- 'settings.gradle'
- 'Dev_Domain_Owner_CD.yml'

⚠️ Potential issue | 🟠 Major

Trigger path configuration needs fixing

The path on line 12 is set to 'Dev_Domain_Owner_CD.yml', but since the workflow file lives in the .github/workflows/ directory, the trigger may not work correctly.

Suggested fix:

-      - 'Dev_Domain_Owner_CD.yml'
+      - '.github/workflows/Dev_Domain_Owner_CD.yml'

Also applies to: 12-12

🤖 Prompt for AI Agents
In .github/workflows/Dev_Domain_Owner_CD.yml around line 12, the trigger path is
set to 'Dev_Domain_Owner_CD.yml' which won't match the actual location; update
that value to the correct path under the workflows folder (for example
'.github/workflows/Dev_Domain_Owner_CD.yml' or an appropriate glob like
'.github/workflows/**') so the workflow trigger correctly matches the file
location.


permissions:
contents: read
checks: write
actions: read
pull-requests: write

jobs:
test:
uses: ./.github/workflows/Dev_CI.yml

build:
needs: test
runs-on: ubuntu-latest

steps:
- name: Checkout Code
uses: actions/checkout@v4

- name: Set up JDK 21
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'

- name: Make gradlew executable
run: chmod +x gradlew

- name: bootJar with Gradle
run: ./gradlew :domain-owner:bootJar --info

- name: Change artifact file name
run: mv domain-owner/build/libs/*.jar domain-owner/build/libs/app.jar

- name: Upload artifact file
uses: actions/upload-artifact@v4
with:
name: app-artifact
path: ./domain-owner/build/libs/app.jar
if-no-files-found: error

- name: Upload deploy scripts
uses: actions/upload-artifact@v4
with:
name: deploy-scripts
path: ./scripts/dev/
if-no-files-found: error

deploy:
needs: build
runs-on: dev-domain-owner

steps:
- name: Download artifact file
uses: actions/download-artifact@v4
with:
name: app-artifact
path: ~/app

- name: Download deploy scripts
uses: actions/download-artifact@v4
with:
name: deploy-scripts
path: ~/app/scripts

- name: Replace application to latest
run: sudo sh ~/app/scripts/replace-new-version.sh
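Review bot: this file is a line-for-line copy of Dev_Domain_Member_CD.yml and Dev_Discovery_CD.yml with only the module name and runner label changed, so every fix (the bare trigger path on line 12, action pinning, the mv glob) has to be applied three times and will drift. Turn the build and deploy pair into one reusable workflow that takes the module and runner label as inputs, the way the test job already delegates to Dev_CI.yml. The deploy job also downloads deploy-scripts from the artifact store and runs it as root with no integrity check between upload and execution; at minimum have the build job record the script's checksum and verify it before the sudo sh, or ship the script on the runner host instead of through the artifact.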