feat: harden auth ops and deployment baseline
This commit is contained in:
@@ -26,6 +26,9 @@ jobs:
|
||||
dotnet clean TaxBaik.sln -c Release
|
||||
dotnet build TaxBaik.sln -c Release --no-restore
|
||||
|
||||
- name: Test solution
|
||||
run: dotnet test TaxBaik.sln -c Release --no-build
|
||||
|
||||
- name: Publish Web (통합 앱)
|
||||
run: dotnet publish TaxBaik.Web/ -c Release -o ./publish --no-restore
|
||||
|
||||
@@ -52,20 +55,23 @@ jobs:
|
||||
DEPLOY_USER="${{ secrets.DEPLOY_USER }}"
|
||||
|
||||
echo "=== Deploying TaxBaik v$(git rev-parse --short HEAD) ==="
|
||||
mkdir -p "$DEPLOY_DIR"
|
||||
cp -r ./publish/* "$DEPLOY_DIR/"
|
||||
ln -sfn "$DEPLOY_DIR" "$DEPLOY_HOME/taxbaik_active"
|
||||
echo "✓ Deployed to $DEPLOY_DIR"
|
||||
|
||||
# 서버에서 systemd로 서비스를 재시작
|
||||
echo "=== Restarting service on server ==="
|
||||
mkdir -p ~/.ssh
|
||||
printf '%s' "${{ secrets.DEPLOY_SSH_KEY_B64 }}" | base64 -d > ~/.ssh/id_ed25519
|
||||
chmod 600 ~/.ssh/id_ed25519
|
||||
ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
|
||||
ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes "$DEPLOY_USER@$DEPLOY_HOST" "sudo systemctl restart taxbaik"
|
||||
|
||||
tar -czf taxbaik_publish.tgz -C ./publish .
|
||||
scp -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes taxbaik_publish.tgz "$DEPLOY_USER@$DEPLOY_HOST:/tmp/taxbaik_publish_${TIMESTAMP}.tgz"
|
||||
ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes "$DEPLOY_USER@$DEPLOY_HOST" "
|
||||
set -e
|
||||
mkdir -p '$DEPLOY_DIR'
|
||||
tar -xzf '/tmp/taxbaik_publish_${TIMESTAMP}.tgz' -C '$DEPLOY_DIR'
|
||||
rm -f '/tmp/taxbaik_publish_${TIMESTAMP}.tgz'
|
||||
ln -sfn '$DEPLOY_DIR' '$DEPLOY_HOME/taxbaik_active'
|
||||
sudo systemctl restart taxbaik
|
||||
"
|
||||
sleep 5
|
||||
echo "✓ Deployment complete"
|
||||
echo "✓ Deployed to $DEPLOY_HOST:$DEPLOY_DIR"
|
||||
|
||||
- name: Verify deployment
|
||||
run: |
|
||||
|
||||
Reference in New Issue
Block a user