From 0872b44253c3d6a4af84c2581a1d00a5ca83042d Mon Sep 17 00:00:00 2001
From: kjh2064
Date: Sat, 27 Jun 2026 11:08:58 +0900
Subject: [PATCH] fix: inject production jwt secret during deploy
---
 .gitea/workflows/deploy.yml | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index de2f43c..8e4e8ed 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -32,6 +32,31 @@ jobs:
 - name: Publish Web (통합 앱)
 run: dotnet publish TaxBaik.Web/ -c Release -o ./publish --no-restore
+ - name: Write production secrets
+ run: |
+ set -e
+ JWT_SECRET_KEY="${{ secrets.TAXBAIK_JWT_SECRET_KEY }}"
+ if [ -z "$JWT_SECRET_KEY" ]; then
+ echo "Missing TAXBAIK_JWT_SECRET_KEY secret" >&2
+ exit 1
+ fi
+ JWT_SECRET_KEY="$JWT_SECRET_KEY" python3 - <<'PY'
+ import json
+ import os
+ from pathlib import Path
+
+ config = {
+ "Jwt": {
+ "SecretKey": os.environ["JWT_SECRET_KEY"]
+ }
+ }
+
+ Path("./publish/appsettings.Production.json").write_text(
+ json.dumps(config, ensure_ascii=False, indent=2),
+ encoding="utf-8",
+ )
+ PY
+
 - name: Copy migrations to publish
 run: |
 cp -r db/migrations ./publish/migrations || true
@@ -121,5 +146,6 @@ jobs:
 if [ "$HOME_STATUS" = "200" ] && [ "$LOGIN_STATUS" = "200" ] && echo "$AUTH_BODY" | grep -q '"token"'; then
 echo "✓ Service is running"
 else
- echo "⚠ Service may not be running (home: $HOME_STATUS, login: $LOGIN_STATUS, auth: $AUTH_BODY)"
+ echo "Service verification failed (home: $HOME_STATUS, login: $LOGIN_STATUS, auth: $AUTH_BODY)" >&2
+ exit 1
 fi
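Review bot: In the first hunk's `Write production secrets` step, `JWT_SECRET_KEY="${{ secrets.TAXBAIK_JWT_SECRET_KEY }}"` pastes the secret into the script text before the shell parses it, so a value containing `"`, `$`, a backtick or `\` is altered or evaluated by the shell and the key written to disk may no longer match the stored secret. Pass it through the step environment instead, a step-level `env:` with `JWT_SECRET_KEY: ${{ secrets.TAXBAIK_JWT_SECRET_KEY }}`, and drop both the assignment line and the `JWT_SECRET_KEY="$JWT_SECRET_KEY"` prefix on the `python3` call. `Path.write_text` also creates `appsettings.Production.json` with the runner's default umask inside `./publish`, next to everything that gets deployed. Adding `chmod 600 ./publish/appsettings.Production.json` after the heredoc (assuming the service account owns the deployed file) and confirming that `./publish` is never uploaded as an artifact or cached would keep the signing key from being readable more widely than needed.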
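Review bot: The new failure line in the second hunk still prints `$AUTH_BODY` in full, and the success test just above greps that same variable for `"token"`, so when the check fails for another reason (for example `HOME_STATUS` is not 200) a token issued by the production service can end up in the CI log. Log the statuses only, `echo "Service verification failed (home: $HOME_STATUS, login: $LOGIN_STATUS)" >&2`, or print just whether a token field was found. How `AUTH_BODY` is fetched is outside the hunk, so this assumes it holds the login response body; the enclosing step starts before the hunk.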