fix: Docker build-args로 환경 변수 전달 방식 변경 (#77)

- Dockerfile에서 ARG로 환경 변수 받아서 .env.production 생성
- 워크플로우에서 build-args로 secrets 전달
- 파일 복사 대신 명시적 build-args 사용으로 안정성 향상

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: youngminss

.github/workflows/development-deploy.yml

@@ -40,26 +40,6 @@ jobs:
         if: steps.changes.outputs.client == 'true' || steps.changes.outputs.nginx == 'true'
         uses: docker/setup-buildx-action@v3
 
-      - name: Create .env.production
-        if: steps.changes.outputs.client == 'true'
-        run: |
-          echo "NEXT_PUBLIC_API_URL=${{ secrets.NEXT_PUBLIC_API_URL }}" > .env.production
-          echo "NEXT_PUBLIC_AWS_S3=${{ secrets.NEXT_PUBLIC_AWS_S3 }}" >> .env.production
-          echo "NEXT_PUBLIC_GTM_ID=${{ secrets.NEXT_PUBLIC_GTM_ID }}" >> .env.production
-          echo "NEXT_PUBLIC_GA_ID=${{ secrets.NEXT_PUBLIC_GA_ID }}" >> .env.production
-
-      - name: Debug .env.production
-        if: steps.changes.outputs.client == 'true'
-        run: |
-          echo "=== .env.production file exists ==="
-          ls -la .env.production
-          echo "=== Variable names in .env.production ==="
-          cut -d'=' -f1 .env.production
-          echo "=== Check value lengths ==="
-          while IFS='=' read -r key value; do
-            echo "$key length: ${#value}"
-          done < .env.production
-
       - name: Build and Push Client image
         if: steps.changes.outputs.client == 'true'
         uses: docker/build-push-action@v5
@@ -69,6 +49,11 @@ jobs:
           file: ./docker/client/Dockerfile
           tags: ${{ secrets.DOCKER_HUB_USERNAME }}/yogieat-client:latest
           no-cache: true
+          build-args: |
+            NEXT_PUBLIC_API_URL=${{ secrets.NEXT_PUBLIC_API_URL }}
+            NEXT_PUBLIC_AWS_S3=${{ secrets.NEXT_PUBLIC_AWS_S3 }}
+            NEXT_PUBLIC_GTM_ID=${{ secrets.NEXT_PUBLIC_GTM_ID }}
+            NEXT_PUBLIC_GA_ID=${{ secrets.NEXT_PUBLIC_GA_ID }}
 
       - name: Build and Push Nginx image
         if: steps.changes.outputs.nginx == 'true'

.github/workflows/production-deploy.yml

@@ -40,14 +40,6 @@ jobs:
         if: steps.changes.outputs.client == 'true' || steps.changes.outputs.nginx == 'true'
         uses: docker/setup-buildx-action@v3
 
-      - name: Create .env.production
-        if: steps.changes.outputs.client == 'true'
-        run: |
-          echo "NEXT_PUBLIC_API_URL=${{ secrets.NEXT_PUBLIC_API_URL_PROD }}" > .env.production
-          echo "NEXT_PUBLIC_AWS_S3=${{ secrets.NEXT_PUBLIC_AWS_S3 }}" >> .env.production
-          echo "NEXT_PUBLIC_GTM_ID=${{ secrets.NEXT_PUBLIC_GTM_ID_PROD || secrets.NEXT_PUBLIC_GTM_ID }}" >> .env.production
-          echo "NEXT_PUBLIC_GA_ID=${{ secrets.NEXT_PUBLIC_GA_ID_PROD || secrets.NEXT_PUBLIC_GA_ID }}" >> .env.production
-
       - name: Build and Push Client image
         if: steps.changes.outputs.client == 'true'
         uses: docker/build-push-action@v5
@@ -58,6 +50,11 @@ jobs:
           tags: ${{ secrets.DOCKER_HUB_USERNAME }}/yogieat-client:latest
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          build-args: |
+            NEXT_PUBLIC_API_URL=${{ secrets.NEXT_PUBLIC_API_URL_PROD }}
+            NEXT_PUBLIC_AWS_S3=${{ secrets.NEXT_PUBLIC_AWS_S3 }}
+            NEXT_PUBLIC_GTM_ID=${{ secrets.NEXT_PUBLIC_GTM_ID_PROD || secrets.NEXT_PUBLIC_GTM_ID }}
+            NEXT_PUBLIC_GA_ID=${{ secrets.NEXT_PUBLIC_GA_ID_PROD || secrets.NEXT_PUBLIC_GA_ID }}
 
       - name: Build and Push Nginx image
         if: steps.changes.outputs.nginx == 'true'

docker/client/Dockerfile

@@ -16,6 +16,18 @@ WORKDIR /app
 COPY --from=deps /app/node_modules ./node_modules
 COPY . .
 
+# Build arguments for environment variables
+ARG NEXT_PUBLIC_API_URL
+ARG NEXT_PUBLIC_AWS_S3
+ARG NEXT_PUBLIC_GTM_ID
+ARG NEXT_PUBLIC_GA_ID
+
+# Create .env.production from build args
+RUN echo "NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL}" > .env.production && \
+    echo "NEXT_PUBLIC_AWS_S3=${NEXT_PUBLIC_AWS_S3}" >> .env.production && \
+    echo "NEXT_PUBLIC_GTM_ID=${NEXT_PUBLIC_GTM_ID}" >> .env.production && \
+    echo "NEXT_PUBLIC_GA_ID=${NEXT_PUBLIC_GA_ID}" >> .env.production
+
 ENV NEXT_PRIVATE_STANDALONE=true
 
 RUN corepack enable pnpm && pnpm run build;