From b46ec3c1a6032deba607f0e88d648f6c2f5446a7 Mon Sep 17 00:00:00 2001
From: chpark
Date: Sat, 25 Apr 2026 21:16:45 +0900
Subject: [PATCH] =?UTF-8?q?fix(ci):=20actions/checkout=20=EC=A0=9C?= =?UTF-8?q?=EA=B1=B0=20+=20secret=20=EA=B2=80=EC=A6=9D=20=EB=8B=A8?= =?UTF-8?q?=EA=B3=84=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

이전 실패 원인: Gitea Actions runner 가 actions/checkout@v4 를 가져오지 못해 4초만에 즉사. 어차피 원격 서버에서 git clone 하므로 checkout 단계 자체가 불필요. 첫 단계에서 필수 secret 부재 여부를 명시적으로 검사.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 .gitea/workflows/deploy.yml | 46 ++++++++++++++++++++++++++++---------
 1 file changed, 35 insertions(+), 11 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 11b4633..2a41dff 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -9,15 +9,20 @@ jobs:
 deploy:
 runs-on: ubuntu-latest
 steps:
- - name: Checkout code
- uses: actions/checkout@v4
+ - name: Verify required secrets
+ run: |
+ [ -n "${{ secrets.DEPLOY_SSH_KEY }}" ] || { echo "::error::DEPLOY_SSH_KEY secret 누락"; exit 1; }
+ [ -n "${{ secrets.DEPLOY_HOST }}" ] || { echo "::error::DEPLOY_HOST secret 누락"; exit 1; }
+ [ -n "${{ secrets.DEPLOY_USER }}" ] || { echo "::error::DEPLOY_USER secret 누락"; exit 1; }
+ [ -n "${{ secrets.DATABASE_URL }}" ] || { echo "::error::DATABASE_URL secret 누락"; exit 1; }
+ echo "✔ secrets present"
 - name: Setup SSH
 run: |
 mkdir -p ~/.ssh
- echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_rsa
+ printf '%s\n' "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_rsa
 chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
+ ssh-keyscan -H "${{ secrets.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true
 - name: Deploy via SSH
 env:
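Review bot: The `Setup SSH` step still does not authenticate the deploy host: `ssh-keyscan` at job time accepts whatever key is offered for `DEPLOY_HOST`, and the added `|| true` now hides a failed scan and leaves `known_hosts` without an entry. The second hunk keeps `-o StrictHostKeyChecking=no` on the `ssh` call, so the job connects either way and then hands `DATABASE_URL`, `NEXTAUTH_SECRET`, `AES_KEY` and the other values to that host. I would store the server's public host key as a secret and write it out instead, e.g. `printf '%s\n' "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (`DEPLOY_KNOWN_HOSTS` is a placeholder name), and drop `-o StrictHostKeyChecking=no` so a key mismatch fails the deploy. Separately, the new checks and the `printf` line expand `${{ secrets.* }}` directly into the script text; mapping them through `env:` as the `Deploy via SSH` step does and testing `[ -n "$DEPLOY_SSH_KEY" ]` keeps a value containing `"` or `$` from being parsed as shell.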
@@ -36,17 +41,34 @@ jobs: MOMO_BANK_ACCOUNT: ${{ secrets.MOMO_BANK_ACCOUNT }} MOMO_PHONE: ${{ secrets.MOMO_PHONE }} run: | - ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" bash -s << 'REMOTE' + # 환경변수를 원격 셸로 전달하기 위해 export 한 뒤 -E 로 보내거나, heredoc 안에서 GitHub-style 변수 보간 사용 + ssh -o StrictHostKeyChecking=no -o ConnectTimeout=15 "$SSH_USER@$SSH_HOST" \ + "DATABASE_URL='$DATABASE_URL' \ + NEXTAUTH_URL='$NEXTAUTH_URL' \ + NEXTAUTH_SECRET='$NEXTAUTH_SECRET' \ + MASTER_PWD='$MASTER_PWD' \ + AES_KEY='$AES_KEY' \ + SMTP_HOST='$SMTP_HOST' \ + SMTP_PORT='$SMTP_PORT' \ + SMTP_USER='$SMTP_USER' \ + SMTP_PASS='$SMTP_PASS' \ + SMTP_FROM='$SMTP_FROM' \ + MOMO_BANK_ACCOUNT='$MOMO_BANK_ACCOUNT' \ + MOMO_PHONE='$MOMO_PHONE' \ + bash -s" <<'REMOTE_SCRIPT' set -e DEPLOY_DIR="$HOME/momo-erp/source" mkdir -p "$HOME/momo-erp" if [ -d "$DEPLOY_DIR/.git" ]; then - cd "$DEPLOY_DIR" && git fetch origin && git reset --hard origin/main + cd "$DEPLOY_DIR" + git fetch origin + git reset --hard origin/main else git clone https://git.junggomoa.com/chpark/distribution_erp.git "$DEPLOY_DIR" cd "$DEPLOY_DIR" fi - cat > .env.production < .env.production <