Closed
65 changes: 65 additions & 0 deletions .github/workflows/Spring-develop-CD.yml
@@ -0,0 +1,65 @@
name: Spring Deplot to EC2

on:
pull_request:
branches: ["develop"]

jobs:
build:

runs-on: ubuntu-latest
permissions:
contents: read

steps:
- uses: actions/checkout@v4

- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'

- name: application.properties 파일 설정
run: |
mkdir -p src/main/resources
mkdir -p src/test/resources
echo "${{ secrets.APPLICATION_PROPERTIES }}" > ./src/main/resources/application.properties
echo "${{ secrets.TEST_APPLICATION_PROPERTIES }}" > ./src/test/resources/application.properties

- name: Setup Gradle
uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0

- name: Build with Gradle Wrapper
run: ./gradlew clean build

- name: 빌드된 파일 이름 변경하기
run: mv ./build/libs/*SNAPSHOT.jar ./cd.jar

- name: SCP로 EC2에 빌드된 파일 전송하기
uses: appleboy/scp-action@master
with:
host: ${{ secrets.EC2_HOST }}
username: ${{ secrets.EC2_USER }}
key: ${{ secrets.EC2_SSH_KEY }}
source: cd.jar
target: /home/ubuntu/clue

Comment on lines +40 to +47

⚠️ Potential issue

Using appleboy/*-action@master is a security risk: pin it to a tag or commit

@master can change at any time, which makes it vulnerable to supply-chain attacks. Pin explicitly to a stable version or SHA.

-        uses: appleboy/scp-action@master
+        uses: appleboy/scp-action@v0.1.7  # 최신 릴리스/커밋으로 교체

 ...

-        uses: appleboy/ssh-action@master
+        uses: appleboy/ssh-action@v0.1.7  # 최신 릴리스/커밋으로 교체

Also applies to: 56-61

🤖 Prompt for AI Agents
In .github/workflows/Spring-develop-CD.yml at lines 40 to 47 and also lines 56
to 61, the usage of appleboy/scp-action@master is insecure because the master
branch can change unexpectedly, risking supply-chain attacks. Replace @master
with a specific released version tag or a commit SHA to ensure the action
version is fixed and stable. Check the action's repository for the latest stable
version or commit and update the workflow file accordingly.
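
An added example, not part of the review comment or of this repository: a small Python check that lists every `uses:` reference in a workflow that is not pinned to a full commit SHA, run on `uses:` lines taken from this PR. The function names and the `BRANCH_NAMES` set are assumptions of the example; tags are reported too because a tag can be moved to another commit.

```python
import re

# `uses: owner/repo[/path]@ref`, optionally preceded by "- " and followed by a comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s@#]+)@([^\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
# Assumption of this example: names that are almost always branches.
BRANCH_NAMES = {"master", "main", "develop", "dev", "HEAD"}

def classify_ref(ref):
    """'sha' for a full commit SHA, 'branch' for a well-known branch name,
    'tag-or-branch' for anything else (cannot be told apart offline)."""
    if FULL_SHA_RE.fullmatch(ref):
        return "sha"
    if ref in BRANCH_NAMES:
        return "branch"
    return "tag-or-branch"

def audit_workflow(text):
    """Return (line_no, action, ref, kind) for each `uses:` not pinned to a SHA."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a `uses:` line, or a local action without @ref
        action, ref = m.groups()
        if action.startswith("docker://"):
            continue  # container images are pinned by digest, not by git ref
        kind = classify_ref(ref)
        if kind != "sha":
            findings.append((line_no, action, ref, kind))
    return findings

# Constructed sample: the `uses:` lines from this PR's workflow, step names shortened.
SAMPLE = """\
    steps:
      - uses: actions/checkout@v4
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
      - name: SCP
        uses: appleboy/scp-action@master
      - name: SSH
        uses: appleboy/ssh-action@master
"""

if __name__ == "__main__":
    for line_no, action, ref, kind in audit_workflow(SAMPLE):
        print(f"line {line_no}: {action}@{ref} is a mutable ref ({kind})")
```
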


deploy:
needs: build
runs-on: ubuntu-latest

steps:

- name: SSH로 EC2에 접속하기
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.EC2_HOST }}
username: ${{ secrets.EC2_USER }}
key: ${{ secrets.EC2_SSH_KEY }}
script_stop: true
script: |
cd clue
sudo fuser -k -n tcp 8080 || true
sudo nohup java -jar cd.jar > ./output.log 2>&1 &
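
Review bot: the `on: pull_request` trigger with `branches: ["develop"]` at the top of this workflow makes the build and the EC2 deploy run whenever a PR targeting develop is opened or updated, so code that has not been reviewed or merged is copied to the host and started. If the intent is to deploy what lands on develop, trigger on `push` to develop instead. Two further points. The `echo "${{ secrets.APPLICATION_PROPERTIES }}" > ...` lines paste the secret into the script text before the shell parses it, so any `"`, `$` or backtick in the properties is interpreted by the shell; pass the secret through `env:` and write it with `printf '%s\n' "$VAR"`. In the deploy job, `sudo nohup java -jar cd.jar` runs the application as root although port 8080 needs no privilege, and because the process is backgrounded the step succeeds even if the JVM exits at startup; run it as an unprivileged user and check that the port comes up before the step finishes.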
51 changes: 0 additions & 51 deletions .github/workflows/spring-cd.yml

This file was deleted.

61 changes: 28 additions & 33 deletions .github/workflows/spring-ci.yaml
Expand Up @@ -2,42 +2,37 @@ name: Spring CI

on:
push:
branches: [ "*" ]
branches: ["*"]

jobs:
build:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'

- name: Cache Gradle packages
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle

- name: Grant permission to gradlew
run: chmod +x gradlew

- name: Build with Gradle
run: ./gradlew build

- name: Run tests
run: ./gradlew test

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17

- name: Grant permission to gradlew
run: chmod +x gradlew

- name: Cache Gradle packages
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
Comment on lines +24 to +31

⚠️ Potential issue

💥 actions/cache must be upgraded to v4

GitHub Actions runners support only the Node 20 runtime. Because actions/cache@v3 is based on Node 16, it may start failing soon.
Upgrade the version to v4 as shown below.

-        uses: actions/cache@v3
+        uses: actions/cache@v4
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Cache Gradle packages
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
- name: Cache Gradle packages
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
🧰 Tools
🪛 actionlint (1.7.7)

25-25: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/spring-ci.yaml around lines 24 to 31, the actions/cache
version is set to v3, which uses Node 16 and may cause runtime errors since
GitHub Actions runners now support only Node 20. Update the uses line to
actions/cache@v4 to ensure compatibility and prevent future execution errors.

${{ runner.os }}-gradle

- name: Build with Gradle
run: ./gradlew build

- name: Run tests
run: ./gradlew test
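
Review bot: the `Upload coverage to Codecov` step (`codecov/codecov-action@v3` with `CODECOV_TOKEN`) appears in the first copy of the steps but not in the copy that uses `actions/checkout@v4`, so coverage upload is dropped by this change. If that is intended, say so in the PR description and remove the unused secret; otherwise re-add the step after `Run tests`. Also, with the standard Java plugin `./gradlew build` already runs the `test` task, so the separate `Run tests` step repeats the test run.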