feat: harden auth ops and deployment baseline

This commit is contained in:
2026-06-27 10:53:53 +09:00
parent a6ca30eec8
commit 28060b71be
41 changed files with 714 additions and 208 deletions
+15 -9
View File
@@ -26,6 +26,9 @@ jobs:
dotnet clean TaxBaik.sln -c Release
dotnet build TaxBaik.sln -c Release --no-restore
- name: Test solution
run: dotnet test TaxBaik.sln -c Release --no-build
- name: Publish Web (통합 앱)
run: dotnet publish TaxBaik.Web/ -c Release -o ./publish --no-restore
@@ -52,20 +55,23 @@ jobs:
DEPLOY_USER="${{ secrets.DEPLOY_USER }}"
echo "=== Deploying TaxBaik v$(git rev-parse --short HEAD) ==="
mkdir -p "$DEPLOY_DIR"
cp -r ./publish/* "$DEPLOY_DIR/"
ln -sfn "$DEPLOY_DIR" "$DEPLOY_HOME/taxbaik_active"
echo "✓ Deployed to $DEPLOY_DIR"
# 서버에서 systemd로 서비스를 재시작
echo "=== Restarting service on server ==="
mkdir -p ~/.ssh
printf '%s' "${{ secrets.DEPLOY_SSH_KEY_B64 }}" | base64 -d > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes "$DEPLOY_USER@$DEPLOY_HOST" "sudo systemctl restart taxbaik"
tar -czf taxbaik_publish.tgz -C ./publish .
scp -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes taxbaik_publish.tgz "$DEPLOY_USER@$DEPLOY_HOST:/tmp/taxbaik_publish_${TIMESTAMP}.tgz"
ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes "$DEPLOY_USER@$DEPLOY_HOST" "
set -e
mkdir -p '$DEPLOY_DIR'
tar -xzf '/tmp/taxbaik_publish_${TIMESTAMP}.tgz' -C '$DEPLOY_DIR'
rm -f '/tmp/taxbaik_publish_${TIMESTAMP}.tgz'
ln -sfn '$DEPLOY_DIR' '$DEPLOY_HOME/taxbaik_active'
sudo systemctl restart taxbaik
"
sleep 5
echo "✓ Deployment complete"
echo "✓ Deployed to $DEPLOY_HOST:$DEPLOY_DIR"
- name: Verify deployment
run: |