fix(ci): secrets 파일 덮어쓰기 방지 (write_kv 사용)

2026-04-23 01:35:42 +09:00
parent 9ac766280d
commit 11b65d5b88
1 changed files with 13 additions and 4 deletions
@@ -52,10 +52,19 @@ if [ -r "$SECRETS_FILE" ]; then
 fi
 POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-$(openssl rand -hex 24)}"
 JWT_SECRET="${JWT_SECRET:-$(openssl rand -hex 32)}"
-cat > "$SECRETS_FILE" <<EOF
-POSTGRES_PASSWORD=$POSTGRES_PASSWORD
-JWT_SECRET=$JWT_SECRET
-EOF
+
+# 기존 secret 파일의 다른 키들은 보존하고 이 두 값만 갱신
+write_kv() {
+  local key="$1" val="$2" file="$3"
+  if [ -f "$file" ]; then
+    grep -v "^${key}=" "$file" > "${file}.tmp" || true
+    mv "${file}.tmp" "$file"
+  fi
+  echo "${key}=${val}" >> "$file"
+}
+touch "$SECRETS_FILE"
+write_kv POSTGRES_PASSWORD "$POSTGRES_PASSWORD" "$SECRETS_FILE"
+write_kv JWT_SECRET "$JWT_SECRET" "$SECRETS_FILE"
 chmod 600 "$SECRETS_FILE"

 kubectl -n insurance create secret generic postgres-credentials \