yj-devsec · yj-devsec · Jan 5, 2026 · Jan 5, 2026 · Jan 5, 2026 · Jan 5, 2026
diff --git a/.github/workflows/cicd-1.yaml b/.github/workflows/cicd-1.yaml
diff --git a/.github/workflows/debug.yaml b/.github/workflows/debug.yaml
@@ -0,0 +1,16 @@
+name: debug
+on: push
+
+jobs:
+  debug:
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4
+    - name: force fail
+      run: |
+        cat test.txt
+    - name: uses tmate
+      if: always()
+      uses: mxschmitt/action-tmate@v3
+      timeout-minutes: 10
diff --git a/.github/workflows/part4/cicd-1.yaml b/.github/workflows/part4/cicd-1.yaml
@@ -0,0 +1,112 @@
+name: cicd-1
+on:
+  pull_request:
+    types: [opened, synchronize, closed]
+    branches: [dev]
+    paths:
+    - 'my-app/**'
+
+jobs:
+  test:
+    if: github.event.action == 'opened' || github.event.action == 'synchronize'
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout the code
+      uses: actions/checkout@v4
+    - name: setup-node
+      uses: actions/setup-node@v3
+      with:
+        node-version: 18
+    - name: Cache Node.js modules
+      uses: actions/cache@v3
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-node-
+    - name: Install dependencies
+      run: |
+        cd my-app
+        npm ci
+    - name: npm build
+      run: |
+        cd my-app
+        npm run build
+
+  image-build:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+    - name: checkout the code
+      uses: actions/checkout@v4
+    - name: Configure AWS Credentials
+      id: credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ vars.AWS_REGION }}
+        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+      with:
+        mask-password: 'true'
+    - name: docker build & push
+      run: |
+        docker build -f Dockerfile --tag ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} .
+        docker push ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }}
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: [ image-build ]
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+    - name: checkout the code
+      uses: actions/checkout@v4
+    - name: Configure AWS Credentials
+      id: credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ vars.AWS_REGION }}
+        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+    - name: setup kubectl
+      uses: azure/setup-kubectl@v3
+      with:
+        version: latest
+    - name: setup helm
+      uses: azure/setup-helm@v3
+      with:
+        version: v3.11.1
+    - name: access kubernetes
+      run: |
+        aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }}
+    - name: deploy
+      id: status
+      run: |
+        helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \
+        --set image.tag=${{ github.sha }} \
+        --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}
+    - name: notify
+      if: always()
+      uses: slackapi/slack-github-action@v1.24.0
+      with:
+        payload: |
+          {
+            "text": "message",
+            "blocks": [
+              {
+                "type": "section",
+                "text": {
+                  "type": "mrkdwn",
+                  "text": "Environment : dev, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}."
+                }
+              }
+            ]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/part4/cicd-2.yaml b/.github/workflows/part4/cicd-2.yaml
@@ -0,0 +1,156 @@
+name: cicd-2
+on:
+  pull_request:
+    types: [opened, synchronize, closed]
+    branches: [dev, master]
+    paths:
+    - 'my-app/**'
+
+jobs:
+  test:
+    if: github.event.action == 'opened' || github.event.action == 'synchronize'
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout the code
+      uses: actions/checkout@v4
+#    - name: setup-node
+#      uses: actions/setup-node@v3
+#      with:
+#        node-version: 18
+#    - name: Cache Node.js modules
+#      uses: actions/cache@v3
+#      with:
+#        path: ~/.npm
+#        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+#        restore-keys: |
+#          ${{ runner.os }}-node-
+#    - name: Install dependencies
+#      run: |
+#        cd my-app
+#        npm ci
+#    - name: npm build
+#      run: |
+#        cd my-app
+#        npm run build
+
+  set-environment:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    outputs:
+      environment: ${{ steps.set-env.outputs.environment }}
+    steps:
+    - name: set env
+      id: set-env
+      run: |
+        echo ${{ github.base_ref }}
+        echo "environment=dev" >> $GITHUB_OUTPUT
+
+        if [[ ${{ github.base_ref }} == "master" ]]; then
+          echo "environment=prod" >> $GITHUB_OUTPUT 
+        fi
+    - name: check env
+      run: echo ${{ steps.set-env.outputs.environment }}
+
+  image-build:
+    runs-on: ubuntu-latest
+    needs: [set-environment]
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      matrix:
+        environment: ["${{ needs.set-environment.outputs.environment }}"]
+    environment: ${{ matrix.environment }}
+    steps:
+    - name: checkout the code
+      uses: actions/checkout@v4
+#    - name: Configure AWS Credentials
+#      id: credentials
+#      uses: aws-actions/configure-aws-credentials@v4
+#      with:
+#        aws-region: ${{ vars.AWS_REGION }}
+#        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+#    - name: Login to Amazon ECR
+#      id: login-ecr
+#      uses: aws-actions/amazon-ecr-login@v2
+#      with:
+#        mask-password: 'true'
+#    - name: docker build & push
+#      run: |
+#        docker build -f Dockerfile --tag ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} .
+#        docker push ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }}
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: [ set-environment, image-build ]
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      matrix:
+        environment: ["${{ needs.set-environment.outputs.environment }}"]
+    environment: ${{ matrix.environment }}  
+    steps:
+    - name: checkout the code
+      uses: actions/checkout@v4
+#    - name: Configure AWS Credentials
+#      id: credentials
+#      uses: aws-actions/configure-aws-credentials@v4
+#      with:
+#        aws-region: ${{ vars.AWS_REGION }}
+#        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+#    - name: setup kubectl
+#      uses: azure/setup-kubectl@v3
+#      with:
+#        version: latest
+#    - name: setup helm
+#      uses: azure/setup-helm@v3
+#      with:
+#        version: v3.11.1
+#    - name: access kubernetes
+#      run: |
+#        aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }}
+#    - name: deploy
+#      id: status
+#      run: |
+#        helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \
+#        --set image.tag=${{ github.sha }} \
+#        --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}
+#    - name: notify
+#      if: always()
+#      uses: slackapi/slack-github-action@v1.24.0
+#      with:
+#        payload: |
+#          {
+#            "text": "message",
+#            "blocks": [
+#              {
+#                "type": "section",
+#                "text": {
+#                  "type": "mrkdwn",
+#                  "text": "Environment : ${{ matrix.environment }}, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}."
+#                }
+#              }
+#            ]
+#          }
+#      env:
+#        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+#        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+
+  create-pr:
+    if: needs.set-environment.outputs.environment == 'dev'
+    runs-on: ubuntu-latest
+    needs: [set-environment, deploy]
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4
+    - name: gh auth login
+      run: |
+        echo ${{ secrets.PERSONAL_ACCESS_TOKEN }} | gh auth login --with-token
+    - name: create branch
+      run: |
+        git checkout -b release/${{ github.run_id }}
+        git push origin release/${{ github.run_id }}
+    - name: create pr
+      run: |
+        gh pr create --base master --head release/${{ github.run_id }} --title "release/${{ github.run_id }} -> master" --body "release pr"