DorumDorum · KoungQ · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -1,3 +1,5 @@
+# CI/CD에 필요한 GitHub Secrets (Repo Settings > Secrets and variables > Actions)
+
 name: cicd
 
 on:
@@ -16,23 +18,32 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Log - Checkout done
+        run: echo ">>> [CI] Checkout done"
+
       - name: Setup JDK 17
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: "17"
 
+      - name: Log - JDK ready
+        run: echo ">>> [CI] JDK 17 ready"
+
       - name: Setup Gradle cache
         uses: gradle/actions/setup-gradle@v4
 
       - name: Run tests
-        run: ./gradlew test --no-daemon
+        run: |
+          echo ">>> [CI] Running tests..."
+          ./gradlew test --no-daemon
+          echo ">>> [CI] Tests passed"
 
   docker-build-and-push:
     name: Docker Build and Push
     runs-on: ubuntu-latest
     needs: test
-    if: github.event_name != 'pull_request' && github.ref == 'refs/heads/production'
+    if: github.ref == 'refs/heads/production' && github.event_name == 'push'
 
     permissions:
       contents: read
@@ -42,15 +53,24 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Log - Checkout done
+        run: echo ">>> [Docker] Checkout done"
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Log - Buildx ready
+        run: echo ">>> [Docker] Buildx ready"
+
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Log - Docker Hub login done
+        run: echo ">>> [Docker] Docker Hub login done"
+
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
@@ -69,11 +89,14 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
+      - name: Log - Image pushed
+        run: echo ">>> [Docker] Image built and pushed"
+
   deploy:
     name: Deploy to GCE
     runs-on: ubuntu-latest
     needs: docker-build-and-push
-    if: github.event_name == 'push' && github.ref == 'refs/heads/production'
+    if: github.ref == 'refs/heads/production' && github.event_name == 'push'
 
     steps:
       - name: Deploy over SSH
@@ -93,15 +116,18 @@ jobs:
           SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }}
           SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
           CONTAINER_NAME: dorumdorum-be
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO_FULL_NAME: ${{ github.repository }}
         with:
           host: ${{ secrets.GCE_HOST }}
           username: ${{ secrets.GCE_USER }}
           key: ${{ secrets.GCE_SSH_KEY }}
           port: ${{ secrets.GCE_SSH_PORT }}
-          envs: IMAGE,DOCKERHUB_USERNAME,DOCKERHUB_TOKEN,FIREBASE_SERVICE_ACCOUNT_B64,RDB_USERNAME,RDB_URL,RDB_PASSWORD,MONGODB_URI,JWT_KEY,JWT_ACCESS_EXPIRATION,JWT_REFRESH_EXPIRATION,SMTP_USERNAME,SMTP_PASSWORD,CONTAINER_NAME
+          envs: IMAGE,DOCKERHUB_USERNAME,DOCKERHUB_TOKEN,FIREBASE_SERVICE_ACCOUNT_B64,RDB_USERNAME,RDB_URL,RDB_PASSWORD,MONGODB_URI,JWT_KEY,JWT_ACCESS_EXPIRATION,JWT_REFRESH_EXPIRATION,SMTP_USERNAME,SMTP_PASSWORD,CONTAINER_NAME,GITHUB_TOKEN,REPO_FULL_NAME
           script_stop: true
           script: |
             set -e
+            echo ">>> [Deploy] SSH 연결됨, 환경 변수 정규화 중..."
 
             RDB_USERNAME="$(printf '%s' "$RDB_USERNAME" | tr -d '\r\n')"
             RDB_URL="$(printf '%s' "$RDB_URL" | tr -d '\r\n')"
@@ -116,6 +142,7 @@ jobs:
             DEPLOY_PATH="${HOME}/dorumdorum"
             mkdir -p "$DEPLOY_PATH"
             cd "$DEPLOY_PATH"
+            echo ">>> [Deploy] DEPLOY_PATH=$DEPLOY_PATH"
 
             # 1) Firebase 서비스 계정 파일 생성 (VM에 저장)
             printf '%s' "$FIREBASE_SERVICE_ACCOUNT_B64" | base64 -d > firebase-service-account.json
@@ -138,6 +165,7 @@ jobs:
               "SMTP_PASSWORD=$SMTP_PASSWORD" \
               "FIREBASE_SERVICE_ACCOUNT_PATH=$FIREBASE_SERVICE_ACCOUNT_PATH" > .env
             chmod 600 .env
+            echo ">>> [Deploy] .env, firebase-service-account.json 생성 완료"
 
             docker info >/dev/null 2>&1 || {
               echo "Docker socket permission denied for current deploy user."
@@ -146,32 +174,74 @@ jobs:
             }
 
             echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
+            echo ">>> [Deploy] Docker Hub 로그인 완료"
 
+            echo ">>> [Deploy] Redis 이미지 pull 중..."
             docker pull redis:7-alpine
+            echo ">>> [Deploy] Backend 이미지 pull 중..."
             docker pull "$IMAGE"
 
+            echo ">>> [Deploy] 네트워크 확인/생성 중..."
             docker network inspect dorumdorum-net >/dev/null 2>&1 || docker network create dorumdorum-net
 
-            docker stop dorumdorum-redis >/dev/null 2>&1 || true
-            docker rm dorumdorum-redis >/dev/null 2>&1 || true
-            docker stop "$CONTAINER_NAME" >/dev/null 2>&1 || true
-            docker rm "$CONTAINER_NAME" >/dev/null 2>&1 || true
-
-            docker run -d --name dorumdorum-redis \
-              --restart unless-stopped \
-              --network dorumdorum-net \
-              -v redis-data:/data \
-              redis:7-alpine redis-server --appendonly yes
-
-            # 4) 컨테이너 실행: .env로 FIREBASE_SERVICE_ACCOUNT_PATH까지 주입됨
-            docker run -d --name "$CONTAINER_NAME" \
-              --restart unless-stopped \
-              --network dorumdorum-net \
-              -p 8080:8080 \
-              --env-file .env \
-              -e REDIS_HOST=dorumdorum-redis \
-              -e REDIS_PORT=6379 \
-              -v "$DEPLOY_PATH/firebase-service-account.json:/app/firebase-service-account.json:ro" \
-              "$IMAGE"
-
+            # 통합 docker-compose 파일 및 설정 파일들 준비
+            COMPOSE_PATH="${HOME}/dorumdorum-compose"
+            mkdir -p "$COMPOSE_PATH"
+            cd "$COMPOSE_PATH"
+            echo ">>> [Deploy] COMPOSE_PATH=$COMPOSE_PATH, Git clone 중..."
+            rm -rf temp_repo
+
+            # Git에서 production 브랜치로 docker-compose.yml, monitoring 가져오기
+            git clone --depth 1 -b production "https://x-access-token:${GITHUB_TOKEN}@github.com/${REPO_FULL_NAME}.git" temp_repo
+            echo ">>> [Deploy] Clone 완료, docker-compose.yml · monitoring 복사 중..."
+
+            if [ -f "temp_repo/docker-compose.yml" ]; then
+              cp temp_repo/docker-compose.yml .
+              echo ">>> [Deploy] docker-compose.yml 복사 완료"
+            else
+              echo "ERROR: docker-compose.yml not found in temp_repo/"
+              ls -la temp_repo/ || true
+              exit 1
+            fi
+
+            if [ -d "temp_repo/monitoring" ]; then
+              mkdir -p monitoring
+              cp -r temp_repo/monitoring/* monitoring/
+              echo ">>> [Deploy] monitoring 설정 파일 복사 완료"
+            else
+              echo "WARNING: monitoring directory not found, creating empty structure"
+              mkdir -p monitoring/prometheus monitoring/grafana/provisioning/dashboards/json monitoring/grafana/provisioning/datasources
+            fi
+
+            rm -rf temp_repo
+            echo ">>> [Deploy] temp_repo 삭제, compose 파일 확인 중..."
+
+            # docker-compose.yml 파일 존재 확인
+            if [ ! -f "docker-compose.yml" ]; then
+              echo "ERROR: docker-compose.yml not found after copy"
+              ls -la
+              exit 1
+            fi
+
+            # .env 파일과 firebase-service-account.json 복사
+            cp "$DEPLOY_PATH/.env" .
+            cp "$DEPLOY_PATH/firebase-service-account.json" .
+            echo ">>> [Deploy] .env, firebase-service-account.json 복사 완료"
+
+            # docker-compose로 모든 서비스 실행
+            export BACKEND_IMAGE="$IMAGE"
+            export CONTAINER_NAME="$CONTAINER_NAME"
+            echo ">>> [Deploy] 기존 컨테이너 정리 (down + 이름으로 강제 제거)..."
+            docker-compose -f docker-compose.yml down --remove-orphans >/dev/null 2>&1 || true
+            docker rm -f dorumdorum-redis dorumdorum-be dorumdorum-prometheus dorumdorum-grafana 2>/dev/null || true
+            echo ">>> [Deploy] docker-compose up -d 실행 중..."
+            docker-compose -f docker-compose.yml up -d
+
+            echo ">>> [Deploy] 오래된 이미지 정리 중..."
             docker image prune -af --filter "until=168h"
+
+            echo ">>> [Deploy] 배포 완료"
+            echo "- Backend: http://localhost:8080"
+            echo "- Redis: localhost:6379"
+            echo "- Prometheus: http://localhost:9090"
+            echo "- Grafana: http://localhost:3000 (admin/admin)"
diff --git a/be.env.example b/be.env.example
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,77 @@
+services:
+  redis:
+    image: redis:7-alpine
+    container_name: dorumdorum-redis
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis_data:/data
+    command: redis-server --appendonly yes
+    restart: unless-stopped
+    networks:
+      - dorumdorum-net
+
+  backend:
+    image: ${BACKEND_IMAGE:-koungq/dorumdorum-be:latest}
+    container_name: ${CONTAINER_NAME:-dorumdorum-be}
+    ports:
+      - "8080:8080"
+    env_file:
+      - .env
+    environment:
+      - REDIS_HOST=redis
+      - REDIS_PORT=6379
+    volumes:
+      - ./firebase-service-account.json:/app/firebase-service-account.json:ro
+    depends_on:
+      - redis
+    restart: unless-stopped
+    networks:
+      - dorumdorum-net
+
+  prometheus:
+    image: prom/prometheus:v2.52.0
+    container_name: dorumdorum-prometheus
+    ports:
+      - "9090:9090"
+    volumes:
+      - ./monitoring/prometheus/prometheus.prod.yml:/etc/prometheus/prometheus.yml:ro
+      - prometheus_data:/prometheus
+    command:
+      - "--config.file=/etc/prometheus/prometheus.yml"
+      - "--storage.tsdb.path=/prometheus"
+      - "--web.enable-lifecycle"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    restart: unless-stopped
+    networks:
+      - dorumdorum-net
+
+  grafana:
+    image: grafana/grafana:11.2.0
+    container_name: dorumdorum-grafana
+    ports:
+      - "3000:3000"
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+      - GF_USERS_ALLOW_SIGN_UP=false
+      - GF_SERVER_ROOT_URL=http://localhost:3000
+      - GF_INSTALL_PLUGINS=grafana-piechart-panel
+    volumes:
+      - ./monitoring/grafana/provisioning:/etc/grafana/provisioning:ro
+      - grafana_data:/var/lib/grafana
+    depends_on:
+      - prometheus
+    restart: unless-stopped
+    networks:
+      - dorumdorum-net
+
+volumes:
+  redis_data:
+  prometheus_data:
+  grafana_data:
+
+networks:
+  dorumdorum-net:
+    external: true
diff --git a/monitoring/grafana/provisioning/dashboards/dashboards.yml b/monitoring/grafana/provisioning/dashboards/dashboards.yml
@@ -0,0 +1,12 @@
+apiVersion: 1
+providers:
+  - name: "dorumdorum"
+    orgId: 1
+    folder: "Dorumdorum"
+    folderUid: "dorumdorum"
+    type: file
+    disableDeletion: false
+    updateIntervalSeconds: 30
+    allowUiUpdates: true
+    options:
+      path: /etc/grafana/provisioning/dashboards/json