@Hyun0828 Hyun0828 commented Dec 29, 2025

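PR type (please select one or more PR types)

  • Feature addition
  • Feature removal
  • Bug fix
  • Dependency, environment variable, or build-related code update
  • Refactoring

Target branch

dev -> main

Work details

Merge into main branch

Test results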

Summary by CodeRabbit

Release Notes

  • Refactor

    • Removed the social login integration field from the user profile update feature
  • Chores

    • Updated the container image default to the latest LTS version and optimized build cache layers

✏️ Tip: You can customize this high-level summary in your review settings.

leesumin0526 and others added 3 commits September 25, 2025 16:34
- Remove kakaoId from requestBody
[Bug/#458] Change Dockerfile image to the latest JDK 17 version

coderabbitai bot commented Dec 29, 2025

Walkthrough

Updated the Docker base image from openjdk:17-jdk-slim to eclipse-temurin:17-jdk-focal and added APT cache cleanup. Also removed the kakaoId field and the related update logic from the user update request DTO and service.

Changes

| Cohort / File(s) | Change summary |
|---|---|
| Container configuration: Dockerfile | Changed the base image to eclipse-temurin:17-jdk-focal and added APT cache cleanup (rm -rf /var/lib/apt/lists/*) to the package installation step |
| User DTO and service logic: src/main/java/stackpot/stackpot/user/dto/request/UserUpdateRequestDto.java, src/main/java/stackpot/stackpot/user/service/UserCommandServiceImpl.java | Removed the kakaoId field from UserUpdateRequestDto and deleted the KakaoId update logic from the updateUserProfile method of UserCommandServiceImpl |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • STACKPOT-BE#461: Performs the same code-level change of removing the kakaoId field from UserUpdateRequestDto and deleting the KakaoId update logic in UserCommandServiceImpl

Suggested labels

🔥 fix

Poem

🐰 The Kakao ID departs,
Docker is freshly dressed,
the cache is swept clean,
and the code has grown lighter!
A rabbit riding the winds of change ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The PR title '[Merge/#458] dev -> main merge' is very generic and does not convey the specific content of the actual changes. | Make the title more specific, e.g. '[Merge/#458] Remove kakaoId field and update JDK 17 image', or clearly include the main changes. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f90a65c and 05a3947.

📒 Files selected for processing (3)
  • Dockerfile
  • src/main/java/stackpot/stackpot/user/dto/request/UserUpdateRequestDto.java
  • src/main/java/stackpot/stackpot/user/service/UserCommandServiceImpl.java
💤 Files with no reviewable changes (2)
  • src/main/java/stackpot/stackpot/user/dto/request/UserUpdateRequestDto.java
  • src/main/java/stackpot/stackpot/user/service/UserCommandServiceImpl.java
🔇 Additional comments (1)
Dockerfile (1)

4-4: Nice improvement!

Adding APT cache cleanup (rm -rf /var/lib/apt/lists/*) to reduce the final image size is a Docker best practice. It is already optimized into a single RUN command, so the number of layers is also minimized.

@@ -1,7 +1,7 @@
# Java 17이 설치된 베이스 이미지 사용
FROM openjdk:17-jdk-slim
FROM eclipse-temurin:17-jdk-focal
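
Review bot: The new `FROM eclipse-temurin:17-jdk-focal` line references only a floating tag, so the base layer can change between builds without any change to this file; pin it to a digest (`FROM eclipse-temurin:17-jdk-focal@sha256:<digest>`) and bump the digest deliberately when rebuilding. The same line also moves from a `-slim` image to a full JDK image, so if this image only runs the built artifact, a JRE variant would be a tighter base.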

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check available eclipse-temurin:17 tags and their details

echo "=== Checking eclipse-temurin repository on Docker Hub ==="

# Get available tags for eclipse-temurin
# The Python program is passed on fd 3 so that stdin stays connected to curl's output
curl -s "https://hub.docker.com/v2/repositories/library/eclipse-temurin/tags?page_size=100" | \
  python3 /dev/fd/3 3<< 'PYTHON_EOF'
import json
import sys

try:
    data = json.load(sys.stdin)
    tags = data.get('results', [])
    
    # Filter for 17-jdk tags
    jdk17_tags = [t for t in tags if '17-jdk' in t['name']]
    
    print("Available eclipse-temurin:17-jdk tags:")
    for tag in sorted(jdk17_tags, key=lambda x: x['name'])[:20]:
        size_mb = tag.get('full_size', 0) / (1024 * 1024)
        print(f"  {tag['name']:<30} Size: {size_mb:.1f}MB")
    
except json.JSONDecodeError:
    print("Error parsing Docker Hub response")
    sys.exit(1)
PYTHON_EOF

Repository: STACKPOT/STACKPOT-BE

Length of output: 150


🌐 Web query:

eclipse-temurin:17 jdk focal slim image size comparison security 2025

💡 Result:

Summary (as of Dec 29, 2025)

  • Size (examples for amd64):

    • eclipse-temurin:17-jdk-focal ≈ 417 MB (full JDK). [1][2]
    • eclipse-temurin:17-jre-focal ≈ 266 MB (runtime/JRE). [2]
    • Alpine variants (e.g., 17-jre-alpine) are much smaller (~50–80 MB compressed) but use musl and can break some apps. [1]
  • Security / CVEs:

    • Focal-based Temurin images inherit Ubuntu 20.04 packages; vulnerability reports exist for focal images (example: CVE-2025-6965 reported for an image built on focal via Snyk). Keep packages updated or use ESM backports where required. [3]
    • Eclipse Temurin images are maintained by Adoptium and receive Java security updates; you must still track OS-package CVEs in the base (focal) layer. [1]
  • Recommendations

    • For minimal image size: use an Alpine Temurin JRE if your app and native dependencies are compatible. [1]
    • For better compatibility and fewer package CVEs: use the focal/jammy JRE image (smaller than JDK) and apply OS updates regularly or use rebuilt images with patched packages. [2][3]
    • For production security: pin exact image digests, subscribe to Adoptium/Docker Hub release notices, and run regular vulnerability scans (Trivy/Snyk) on your final images. [1][3]

Sources

  1. Eclipse Temurin official Docker listings / Docker Hub. [Docker Hub]. (hub.docker.com)
  2. mirror/image metadata showing tag sizes (eclipse-temurin:17-jdk-focal ≈417MB, 17-jre-focal ≈266MB). (docker.aityp.com)
  3. Snyk vulnerability report example for a focal-based Temurin image (shows CVE details). (snyk.io)

If you want, I can fetch exact current sizes for specific tags/digests for your platform (linux/amd64, arm64) and list known CVEs for the latest 17-focal tags.


🌐 Web query:

eclipse-temurin docker latest recommendations 2025 openjdk alternative

💡 Result:

Short answer — yes: continue using the official eclipse-temurin Docker images, but don’t rely on an unqualified "latest" tag in production. Pin to a specific major.minor (or better: the exact tag + digest), choose the OS variant you need (alpine/ubi/debian/slim/nanoserver), and prefer a minimized runtime (jlink/custom JRE or slim/jre images) when size/attack-surface matters. Good alternatives if you want a different OpenJDK build are Amazon Corretto, Azul Zulu (or Zulu Prime), BellSoft Liberica, Microsoft Build of OpenJDK and Red Hat/SAP builds — pick one with the support and platform variants you require. [1][2][3][4]

Practical recommendations

  • Pin images by tag and digest, e.g. FROM eclipse-temurin:17.0.17-jdk@sha256:. Avoid using the floating "latest" tag for production. [2]
  • Pick the right variant: alpine (now Alpine 3.22 default), debian/ubuntu/ubi/nanoserver or slim/minimal depending on compatibility and security needs. [1][2]
  • Use jlink or multi-stage builds to produce a small runtime image (recommended on JDK 21+). [2][1]
  • Track upstream releases and security fixes (Temurin release notes / DockerHub releases) and automate image updates (dependabot/renovate). [1][4]
  • If you need vendor support or different licensing/patch cadence, evaluate alternatives (Corretto, Zulu, Liberica, Microsoft, Red Hat/SAP). Verify each vendor’s container image variants and support policy before switching. [3][6]

Sources

  • Adoptium / Temurin release notes & blog (image changes, Alpine default, new Java 24/25 releases). [1][3]
  • eclipse-temurin Docker Official Image documentation (tags, examples, jlink guidance). [2]
  • Microsoft devblog on Java container image lifecycle (example of deprecation removal; illustrates importance of tracking vendor image lifecycle). [6]
  • Release tracking / Docker Hub activity (useful for automating updates). [4]

If you want, I can:

  • look up the current Temurin tag/digest for a specific Java version (e.g., 17/21/24/25) and give exact FROM lines, or
  • compare a specific alternative vendor (Corretto/Zulu/Liberica) for image availability and support windows. Which would you prefer?

🏁 Script executed:

#!/bin/bash
# Check if slim variant exists and compare with focal

echo "=== Verifying specific image tags ==="
for tag in "17-jdk-focal" "17-jdk-slim" "17-jdk"; do
  echo "Checking eclipse-temurin:$tag..."
  # The Python program is passed on fd 3 so that stdin stays connected to curl's output
  curl -s "https://hub.docker.com/v2/repositories/library/eclipse-temurin/tags/$tag" | \
    python3 /dev/fd/3 3<< 'PYTHON_EOF' 2>/dev/null || echo "  Tag not found"
import json
import sys
try:
    data = json.loads(sys.stdin.read() or '{}')
    if 'name' in data:
        size_mb = data.get('full_size', 0) / (1024 * 1024)
        print(f"  Found: {data['name']}, Size: {size_mb:.1f}MB")
    else:
        print("  Tag not found or invalid")
except Exception:
    print("  Error checking tag")
PYTHON_EOF
done

Repository: STACKPOT/STACKPOT-BE

Length of output: 150


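Base image optimization needs review

Eclipse Temurin is the Eclipse Foundation's official OpenJDK distribution and is a good choice. However, the focal variant can be improved in the following ways:

  1. Image size: 17-jdk-focal is about 417MB, but using 17-jre-focal brings it to about 266MB, saving about 150MB (if the application does not need the JDK).

  2. Security considerations: The focal variant is based on Ubuntu 20.04 and may be affected by OS package vulnerabilities such as CVE-2025-6965. In production:

    • Pin to the exact image digest: FROM eclipse-temurin:17-jdk-focal@sha256:<digest>
    • Run vulnerability scans regularly (using Trivy/Snyk)
  3. Additional optimization option: If the application and its native dependencies are compatible, an Alpine variant (17-jre-alpine) can produce a much smaller image.

Please review whether the JRE should be used instead of the JDK, and whether Alpine is compatible.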

🤖 Prompt for AI Agents
Dockerfile lines 2-2: the base image uses eclipse-temurin:17-jdk-focal which is
larger and may expose OS CVEs; if the app does not need the JDK switch to a JRE
variant (e.g., eclipse-temurin:17-jre-focal) to reduce image size, or consider
an Alpine variant (e.g., 17-jre-alpine) if native deps are compatible;
additionally pin the image to a digest (FROM
eclipse-temurin:17-jre-focal@sha256:<digest>) and add this repository to your
build/security checklist to run regular vulnerability scans (Trivy/Snyk) and
update the pinned digest when rebuilding.
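
One way to enforce the digest-pinning recommendation above in CI, as an added example that is not part of the original review or the STACKPOT code. The function name `unpinned_bases`, the helper `sample_dockerfile` and the sample Dockerfile with its digest are constructed for illustration.

```shell
#!/bin/sh
# Added example. Lists FROM lines whose image is not pinned by digest.
# Output: "<line>: <image>" per unpinned base; exit status 1 if any were found.
unpinned_bases() {
    awk '
    BEGIN { bad = 0 }
    toupper($1) == "FROM" {
        i = 2
        while (i <= NF && $i ~ /^--/) i++        # skip flags such as --platform=...
        img = $i
        alias = (toupper($(i + 1)) == "AS") ? $(i + 2) : ""
        n = index(img, "@sha256:")
        hex = n ? substr(img, n + 8) : ""
        pinned = (length(hex) == 64 && hex ~ /^[0-9a-f]+$/)
        # scratch and earlier build stages have no digest to pin;
        # images supplied through ARG variables are reported as unpinned
        if (img != "scratch" && !(img in stages) && !pinned) {
            printf "%d: %s\n", NR, img
            bad = 1
        }
        if (alias != "") stages[alias] = 1
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample Dockerfile; the digest is a placeholder, not a real image digest.
sample_dockerfile() {
    digest=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    cat <<EOF
FROM eclipse-temurin:17-jdk-focal AS build
FROM --platform=linux/amd64 eclipse-temurin:17-jre-focal@sha256:$digest
FROM build
FROM scratch
EOF
}

tmp=$(mktemp) && sample_dockerfile > "$tmp"
unpinned_bases "$tmp" || echo "unpinned base images found"
rm -f "$tmp"
```

Run against the repository's Dockerfile in a pipeline step, a non-zero exit status fails the build until every external base image carries a digest.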

@Hyun0828 Hyun0828 merged commit 6423e62 into main Dec 29, 2025
2 checks passed