
[infra] Separate dev / prod servers #182

Merged: buzz0331 merged 2 commits into develop from chore/#179-split-prod-dev on Aug 12, 2025

Conversation

@buzz0331 (Contributor) commented Aug 9, 2025

#️⃣ Related issue

closes #179

📝 Work done

Separates the development server from the production server. The branch strategy is as follows.

  • feature -> develop PR: CI tests run

  • develop PUSH: CD deploy to the dev server

  • main PUSH: CD deploy to the prod server

  • when a hotfix is needed: a direct push to main is allowed

  • a release branch is something to consider later, once the service is really in operation.

Since there are PRs currently open, the application.yml file has not been split yet. I will introduce application-prod.yml right before merging this PR.

📸 Screenshots

💬 Review requests

If there is anything in particular you would like the reviewers to look at, write it here

📌 Please keep the following in mind during the PR

* P1: must be addressed (Request Changes), e.g. cases that cause an issue or reveal a vulnerability
* P2: please give it serious consideration (Comment)
* P3: minor suggestions such as "this approach could also work~" (Chore)

Summary by CodeRabbit

  • Chores
    • The development environment's deployment workflow now uses Docker Compose commands, simplifying container and image management.
    • A new automated deployment workflow was added for the production environment: a push to the main branch triggers the build, Docker image creation and deployment to the remote server.

coderabbitai Bot commented Aug 9, 2025

Walkthrough

This change modifies and adds GitHub Actions workflow files to separate the deployment processes of the development and production servers. The dev workflow drops the blue-green deployment script and manages containers directly with Docker Compose commands; the prod workflow is newly added and keeps using the blue-green deployment script as-is.

Changes

Cohort / File(s) / Change Summary
Dev server deploy workflow modified
.github/workflows/cd-workflow-dev.yml
Removed the call to the existing blue-green deploy script (deploy.sh); the workflow now manages the container lifecycle directly with Docker Compose commands: stop containers, remove images, restart containers, prune images.
Prod server deploy workflow added
.github/workflows/cd-workflow-prod.yml
New GitHub Actions workflow file for the production server. Triggered on push to main; automates the Gradle build, the Docker image build and push, and execution of the remote blue-green deploy script over SSH.

Sequence Diagram(s)

sequenceDiagram
    participant GitHubActions as GitHub Actions (dev)
    participant RemoteServer as Remote server

    GitHubActions->>RemoteServer: SSH connect
    RemoteServer->>RemoteServer: docker-compose down --rmi all
    RemoteServer->>RemoteServer: docker-compose pull
    RemoteServer->>RemoteServer: docker-compose up -d
    RemoteServer->>RemoteServer: docker image prune -f

sequenceDiagram
    participant GitHubActions as GitHub Actions (prod)
    participant RemoteServer as Remote server

    GitHubActions->>RemoteServer: SSH connect
    RemoteServer->>RemoteServer: docker-compose pull
    RemoteServer->>RemoteServer: sudo ./deploy.sh

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Assessment against linked issues

Objective / Addressed / Explanation
Separate the development and production servers (#179)

Assessment against linked issues: Out-of-scope changes

(none)

Possibly related PRs

  • [chore] Introduce zero-downtime deployment #147: directly related to this PR, which moves from using the existing blue-green deploy script (deploy.sh) to running Docker Compose commands directly.

Poem

🐰
Servers split, deployment renewed,
dev kept tidy with Compose,
prod kept careful with a script,
on the two-forked road
the rabbit dances,
following GitHub Actions
the servers rejoice too!
🚀


github-actions Bot commented Aug 9, 2025

Test Results

374 tests   374 ✅  30s ⏱️
110 suites    0 💤
110 files      0 ❌

Results for commit 898e787.

♻️ This comment has been updated with latest results.

coderabbitai Bot left a comment

Actionable comments posted: 5

🧹 Nitpick comments (3)
.github/workflows/cd-workflow-dev.yml (2)

70-81: Remove YAML trailing spaces

Please remove the trailing whitespace on the lines YAMLlint flagged (72, 74, 77). Workflow parsing problems from this are rare, but the lint error can block the PR.


79-81: Check for the docker-compose binary and consider the docker compose plugin

The CI workflow currently calls docker-compose directly. Recent Docker environments officially recommend the docker compose plugin, and if the target server has no docker-compose binary the pipeline will fail.

  • Workflow file: .github/workflows/cd-workflow-dev.yml
  • Location: lines 79–81

Suggestions:

  1. Add a step that checks whether the docker-compose binary or the docker compose plugin is installed
    - name: Check Docker Compose availability
      run: |
        if ! command -v docker-compose &>/dev/null && ! docker compose version &>/dev/null; then
          echo "Error: Neither docker-compose nor Docker Compose plugin is available."
          exit 1
        fi
  2. Switch the command to the plugin syntax
    -            sudo docker-compose up -d
    +            sudo docker compose up -d
                sudo docker image prune -f

Please confirm that the docker-compose binary or the docker compose plugin works correctly on the target server.

.github/workflows/cd-workflow-prod.yml (1)

69-69: Remove YAML trailing spaces

Please remove the trailing whitespace YAMLlint flagged on the lines listed.

Also applies to: 71-71, 74-74

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between afef95b and e24f32d.

📒 Files selected for processing (2)
  • .github/workflows/cd-workflow-dev.yml (1 hunks)
  • .github/workflows/cd-workflow-prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/cd-workflow-dev.yml

[error] 72-72: trailing spaces

(trailing-spaces)


[error] 74-74: trailing spaces

(trailing-spaces)


[error] 77-77: trailing spaces

(trailing-spaces)

.github/workflows/cd-workflow-prod.yml

[error] 69-69: trailing spaces

(trailing-spaces)


[error] 71-71: trailing spaces

(trailing-spaces)


[error] 74-74: trailing spaces

(trailing-spaces)

🪛 actionlint (1.7.7)
.github/workflows/cd-workflow-prod.yml

23-23: the runner of "actions/setup-java@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


37-37: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (1)
.github/workflows/cd-workflow-prod.yml (1)

69-76: Deploy workflow: deploy.sh permissions and pre-checks need improvement

The ${{ env.COMPOSE_PATH }} expression is GitHub Actions syntax, not shell variable expansion, so it produces a bad substitution error and deploy.sh is ultimately not found. Please change it as follows.

  • Target file: .github/workflows/cd-workflow-prod.yml (Lines 69–76)
  • Suggested change:
    -            sudo docker ps -a
    -            
    -            echo "🥳 Pulling new image"
    -            sudo docker pull ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }}
    -            
    -            echo "🚀 Run Blue-Green Deploy Script"
    -            sudo bash deploy.sh
    +            sudo docker ps -a
    +            echo "🥳 Pulling new image"
    +            sudo docker pull ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }}
    +            echo "🔍 Checking and running deploy.sh"
    +            run: |
    +              # COMPOSE_PATH is a shell variable injected by GitHub Actions via env
    +              cd "${COMPOSE_PATH}"
    +              if [ ! -f deploy.sh ]; then
    +                echo "🚨 deploy.sh not found in ${COMPOSE_PATH}"; exit 1
    +              fi
    +              chmod +x deploy.sh
    +              sudo ./deploy.sh
  • Key changes
    1. Inside the shell step (run:), replace ${{ env.COMPOSE_PATH }} with the shell variable expansion "${COMPOSE_PATH}"
    2. Check that deploy.sh exists, then grant execute permission (chmod +x)
    3. Run it as sudo ./deploy.sh so environment variables are passed through and the call stays flexible

Likely an incorrect or invalid review comment.

Comment on lines +70 to +72
echo "✋🏻Stopping existing container and Cleaning up old images"
sudo docker-compose down --rmi all
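Review bot: this step takes the dev service down before the new image is pulled (the sequence is `down --rmi all`, then `pull`, then `up -d`), so the container is offline for the entire pull. Run `docker-compose pull` first and `down` / `up -d` afterwards so the outage is only the restart; dropping `--rmi all` is a separate point, since it also forces a full re-pull on every deploy.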


🛠️ Refactor suggestion

Bulk image removal (--rmi all) may cause unnecessary pulls and longer downtime

docker-compose down --rmi all removes the service images too, which forces a pull on every deploy (slow) and leaves less room to roll back on failure. The final prune is enough for dangling/unused images. Recommend removing --rmi all.

-            sudo docker-compose down --rmi all
+            sudo docker-compose down --remove-orphans

🤖 Prompt for AI Agents
In .github/workflows/cd-workflow-dev.yml around lines 70 to 72, remove the --rmi
all option from the docker-compose down command to avoid deleting all service
images during each deployment. This prevents unnecessary image pulls and
downtime, and preserves the ability to roll back in case of failure. Keep the
command as sudo docker-compose down without --rmi all, relying on a final prune
step to clean up dangling or unused images.

Comment on lines +22 to +27
- name: ☕️ set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
server-id: github
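Review bot: `server-id: github` on setup-java only writes a Maven `settings.xml` server entry for publishing to GitHub Packages; this workflow builds with Gradle and ships a Docker image, so the key is unused and can go when the action is bumped from v3 to v4 (actionlint flags v3 as too old to run).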


💡 Verification agent

🧩 Analysis chain

Recommend updating the official GitHub action versions (per actionlint)

actionlint flags actions/setup-java@v3 and actions/cache@v3 as outdated. Recommend bumping to v4. For security, pinning to an exact tag or a commit SHA is also preferable.

Example:

-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
@@
-        uses: actions/cache@v3
+        uses: actions/cache@v4

Please apply the same change to the dev workflow.

Also applies to: 36-44


🌐 Web query:

What is the latest major version of the GitHub actions/setup-java repository?

💡 Result:

The latest major version of the setup-java GitHub Action is v4. It supports Java 21, and you can set up the Eclipse Temurin distribution by passing 'temurin' as the distribution parameter. (github.com)

For example, to set up Java 21 with setup-java you can configure the workflow as follows:

steps:
  - uses: actions/checkout@v4
  - name: Set up JDK 21
    uses: actions/setup-java@v4
    with:
      java-version: '21'
      distribution: 'temurin'

With this configuration Java 21 is installed and available to the following steps.

🌐 Web query:

What is the latest major version of the GitHub actions/cache repository?

💡 Result:

The latest major version of the actions/cache repository is v4. It includes performance improvements and bug fixes over earlier versions; for example, actions/cache@v4 restores and saves caches faster, shortening workflow run time. (docs.github.com)

actions/cache caches dependencies and build artifacts in GitHub Actions workflows to make CI/CD pipelines more efficient. Upgrading to the latest version improves the performance and stability of these cache operations.


Upgrade actions/setup-java and actions/cache to v4 and pin the tags

Per actionlint, bump the major version from @v3 to @v4 in the files below.
For stronger security it is also recommended to pin a commit SHA or an exact tag at the same time.

Locations to check and fix:

  • .github/workflows/cd-workflow-prod.yml: 22–27, 36–44
  • .github/workflows/cd-workflow-dev.yml: same ranges

Example diff:

-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4  # or uses: actions/setup-java@<commit SHA>

@@

-        uses: actions/cache@v3
+        uses: actions/cache@v4       # or uses: actions/cache@<commit SHA>

Committable suggestion skipped: line range outside the PR's diff.


🤖 Prompt for AI Agents
In .github/workflows/cd-workflow-prod.yml at lines 22 to 27 and 36 to 44, update
the GitHub Actions usage from actions/setup-java@v3 to actions/setup-java@v4 and
apply version pinning by replacing the version tag with a specific commit SHA or
exact tag to enhance security. Do the same for actions/cache if used. This
involves changing the 'uses' field to reference the pinned version instead of
the floating v3 tag.

Comment thread .github/workflows/cd-workflow-prod.yml (Outdated)
Comment on lines +33 to +34
echo "${{ secrets.APPLICATION_YML_DEV }}" | base64 --decode > ${{ env.RESOURCE_PATH }}/application.yml
shell: bash
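Review bot: the secret is expanded straight into the script body by `${{ secrets.… }}` and the decoded file is written to an unquoted `${{ env.RESOURCE_PATH }}/application.yml`. Pass the secret through `env:` instead (`APPLICATION_YML: ${{ secrets.APPLICATION_YML_PROD }}`) and reference `"$APPLICATION_YML"` and `"$RESOURCE_PATH/application.yml"` in the shell; that is GitHub's documented pattern for secrets in `run:` steps and keeps the value out of the generated script text. Using the DEV secret in the prod workflow is the more urgent fix.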


⚠️ Potential issue

The prod workflow is using the dev secret

The production deploy uses ${{ secrets.APPLICATION_YML_DEV }}. It needs to be replaced with a production-only secret.

-          echo "${{ secrets.APPLICATION_YML_DEV }}" | base64 --decode > ${{ env.RESOURCE_PATH }}/application.yml
+          echo "${{ secrets.APPLICATION_YML_PROD }}" | base64 --decode > ${{ env.RESOURCE_PATH }}/application.yml

Note: if application-prod.yml is about to be introduced, consider adjusting this step to generate that file instead.

🤖 Prompt for AI Agents
In .github/workflows/cd-workflow-prod.yml at lines 33 to 34, the workflow is
incorrectly using the development secret `${{ secrets.APPLICATION_YML_DEV }}`
for the production deployment. Replace this with the production-specific secret,
such as `${{ secrets.APPLICATION_YML_PROD }}`, to ensure the correct
configuration is used. If you plan to introduce `application-prod.yml` soon,
consider updating the workflow to decode and use that file accordingly.

Comment on lines +52 to +56
- name: 🐳 Docker build & push
run: |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
docker build --build-arg PORT=${{env.APP_PORT}} -f Dockerfile -t ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }} .
docker push ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }}
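Review bot: `docker login -u … -p ${{ secrets.DOCKER_PASSWORD }}` hands the registry password over as a command-line argument; Docker itself warns this is insecure, because the value is visible in the process list and in any debug output of the step. Move the secret into `env:` and use `printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`. Tagging the image with `${{ github.sha }}` instead of only the default `latest` is a separate point.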


🛠️ Refactor suggestion

Make image tags immutable (reproducible releases, less confusion)

A single tag (default latest) is used, which can lead to dev/prod race conditions and make rollbacks hard. Additionally build/push an immutable tag that includes the SHA, and reference that tag in deployment.

Example:

-          docker build --build-arg PORT=${{env.APP_PORT}} -f Dockerfile -t ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }} .
-          docker push ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }}
+          IMAGE=${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }}
+          TAG=${{ github.sha }}
+          docker build --build-arg PORT=${{env.APP_PORT}} -f Dockerfile \
+            -t $IMAGE:latest -t $IMAGE:$TAG .
+          docker push $IMAGE:latest
+          docker push $IMAGE:$TAG

If the deploy script (deploy.sh) also needs to be adjusted to use $TAG, let me know and I will propose a change.

🤖 Prompt for AI Agents
In .github/workflows/cd-workflow-prod.yml around lines 52 to 56, the Docker
image is currently built and pushed with a single mutable tag, which can cause
issues with release reproducibility and deployment confusion. Modify the
workflow to build and push the Docker image with an immutable tag that includes
the commit SHA (e.g., using the GitHub SHA environment variable) alongside the
existing tag. Update the docker build and push commands to use this SHA-based
tag, and ensure the deployment scripts reference this immutable tag for
consistent releases.

Comment on lines +58 to +66
- name: 🚀 deploy to server
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.EC2_HOST }}
username: ${{ secrets.EC2_USERNAME }}
key: ${{ secrets.EC2_KEY }}
port: ${{ secrets.EC2_PORT }}
envs: GITHUB_SHA
script: |
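Review bot: `envs: GITHUB_SHA` exports the commit SHA into the remote shell, but the remote script pulls `${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }}` with no tag (so `:latest`) and invokes `deploy.sh` without it, so the variable is never used. Either push a `:${GITHUB_SHA}` tag in the build step and pull that exact tag here, or drop the env. Consider also setting the action's `fingerprint` input so the runner verifies the server's host key instead of trusting whatever answers at `EC2_HOST`.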


💡 Verification agent

🧩 Analysis chain

Third-party action version must be pinned (avoid @master)

appleboy/ssh-action@master is a mutable reference. For stability and supply-chain security, pin it to a release tag or a commit SHA.

Check the latest stable version:

Example after verifying:

-        uses: appleboy/ssh-action@master
+        uses: appleboy/ssh-action@<verified-latest-tag>

🌐 Web query:

What is the latest stable release tag of appleboy/ssh-action?

💡 Result:

The latest stable release tag of appleboy/ssh-action is v1.2.2[1][4].

  • On the official GitHub Releases page, v1.2.2 (released March 9, 2024) is marked "Latest"[1].
  • Recent usage examples, documentation and community Q&A all point to v1.2.2 as the latest version[4].

So to use the stable version in a workflow, specify it as follows.

uses: appleboy/ssh-action@v1.2.2

Additional note

  • Older examples used master or the v1 tag, but the current latest stable release is v1.2.2[1][4].

Pin the third-party action version: use appleboy/ssh-action@v1.2.2
For stability and supply-chain security, pin to the latest stable release tag instead of the mutable reference (@master).

  • File: .github/workflows/cd-workflow-prod.yml
  • Lines: 58–66
-        uses: appleboy/ssh-action@master
+        uses: appleboy/ssh-action@v1.2.2
🤖 Prompt for AI Agents
In .github/workflows/cd-workflow-prod.yml around lines 58 to 66, the GitHub
Action uses a floating tag @master for appleboy/ssh-action, which can cause
instability and supply chain risks. Replace the version reference from @master
to the fixed stable release tag @v1.2.2 to ensure consistent and secure
deployments.
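As an added example (not this project's workflow and not code from the PR), here is how the production workflow described in the PR, main push deploys to prod, could look once the points raised in the review above are applied together: only `main` triggers it, the actions are pinned instead of `@v3`/`@master`, the prod config comes from a prod-only secret passed through `env:` rather than expanded into the script, the registry password goes in via `--password-stdin`, the image is pushed under an immutable `github.sha` tag as well as `latest`, and that tag is forwarded to the server so the blue-green script deploys the exact build. The names `APPLICATION_YML_PROD`, `DOCKER_IMAGE`, `EC2_*`, `COMPOSE_PATH`, the resource path and port, and a `deploy.sh` that reads `IMAGE`/`TAG` are assumptions:

```yaml
# Added example, not this PR's workflow: a production CD workflow that applies
# the review points from this PR. Secret names and paths are assumptions.
name: CD (prod)

on:
  push:
    branches: [main]            # main push -> production deploy, as the PR specifies

permissions:
  contents: read                # the job only needs to read the repository

concurrency:
  group: cd-prod                # never run two production deploys at once
  cancel-in-progress: false

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    environment: production     # prod-only secrets live in this GitHub Environment
    env:
      RESOURCE_PATH: src/main/resources                 # assumed
      APP_PORT: 8080                                    # assumed
      COMPOSE_PATH: /home/ubuntu/app                    # assumed location of deploy.sh on the server
      IMAGE: ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }}
      TAG: ${{ github.sha }}                            # immutable per-commit tag
    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4   # v4 per actionlint; pin a commit SHA for stricter control
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: gradle               # built-in Gradle cache replaces a separate actions/cache step

      - name: Write application.yml (prod)
        env:
          APPLICATION_YML_B64: ${{ secrets.APPLICATION_YML_PROD }}  # prod secret via env, not pasted into the script
        run: |
          mkdir -p "$RESOURCE_PATH"
          printf '%s' "$APPLICATION_YML_B64" | base64 --decode > "$RESOURCE_PATH/application.yml"

      - name: Build
        run: ./gradlew build --no-daemon

      - name: Docker build & push (immutable tag + latest)
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          # password via stdin, never as a -p argument
          printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          docker build --build-arg PORT="$APP_PORT" -f Dockerfile \
            -t "$IMAGE:$TAG" -t "$IMAGE:latest" .
          docker push "$IMAGE:$TAG"
          docker push "$IMAGE:latest"

      - name: Deploy to server (blue-green)
        uses: appleboy/ssh-action@v1.2.2    # release tag as verified in the review, not @master
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_KEY }}
          port: ${{ secrets.EC2_PORT }}
          envs: IMAGE,TAG,COMPOSE_PATH        # forward exactly what the remote script uses
          script: |
            set -eu
            cd "$COMPOSE_PATH"
            sudo docker pull "$IMAGE:$TAG"   # pull the exact build that was just pushed
            test -f deploy.sh || { echo "deploy.sh not found in $COMPOSE_PATH"; exit 1; }
            # deploy.sh is assumed to read IMAGE and TAG to choose the image for the new colour
            sudo env IMAGE="$IMAGE" TAG="$TAG" bash deploy.sh
```

`environment: production` is what makes the dev/prod secret mix-up flagged in the review structurally impossible: `APPLICATION_YML_PROD` is defined only on that environment, so a workflow triggered from `develop` cannot read it even if it referenced the name, and the environment can additionally require a reviewer before the deploy job runs. The dev workflow would be the same file with `branches: [develop]`, `environment: development`, and the Compose commands in place of `deploy.sh`.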

@buzz0331 buzz0331 changed the title from [chore] Separate dev / prod servers to [infra] Separate dev / prod servers on Aug 10, 2025
hd0rable previously approved these changes Aug 11, 2025

@hd0rable (Member) left a comment

Good~~👍🏻👍🏻 Great work!!

@buzz0331 buzz0331 merged commit 3b649c2 into develop Aug 12, 2025
3 checks passed
@buzz0331 buzz0331 deleted the chore/#179-split-prod-dev branch August 12, 2025 08:11
@coderabbitai coderabbitai Bot mentioned this pull request Aug 12, 2025

Development

Successfully merging this pull request may close these issues.

[THIP2025-235] [chore] Separate dev/prod servers

2 participants