-
Notifications
You must be signed in to change notification settings - Fork 2
[CHORE] 프리뷰 배포 #422
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: develop
Are you sure you want to change the base?
[CHORE] 프리뷰 배포 #422
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| name: Cleanup-Preview | ||
|
|
||
| on: | ||
| pull_request: | ||
| types: [closed] | ||
| branches: ['develop'] | ||
|
|
||
| jobs: | ||
| cleanup: | ||
| runs-on: ubuntu-latest | ||
| environment: PREVIEW_ENV | ||
| permissions: | ||
| pull-requests: write | ||
|
|
||
| steps: | ||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_PREVIEW_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_PREVIEW_SECRET_ACCESS_KEY }} | ||
| aws-region: ap-northeast-2 | ||
|
|
||
| - name: Delete Preview from S3 | ||
| run: | | ||
| aws s3 rm s3://${{ secrets.AWS_PREVIEW_BUCKET_NAME }}/pr-${{ github.event.pull_request.number }}/ --recursive | ||
|
|
||
| - name: Comment Cleanup Notice | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| await github.rest.issues.createComment({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: context.payload.pull_request.number, | ||
| body: '🧹 Preview 배포가 정리되었습니다.' | ||
| }); | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,119 @@ | ||
| name: Deploy-Preview | ||
|
|
||
| on: | ||
| pull_request: | ||
| types: [opened, synchronize, reopened] | ||
| branches: ['develop'] | ||
|
|
||
| concurrency: | ||
| group: preview-${{ github.event.pull_request.number }} | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: | ||
| deploy-preview: | ||
| runs-on: ubuntu-latest | ||
| environment: PREVIEW_ENV | ||
| permissions: | ||
| pull-requests: write | ||
| contents: read | ||
|
|
||
| steps: | ||
| - name: Setup NodeJS | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 20 | ||
|
|
||
| - name: Checkout Code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup .env | ||
| run: | | ||
| echo "${{ vars.ENV }}" > .env | ||
| echo "${{ secrets.ENV }}" >> .env | ||
| echo "VITE_BASE_PATH=/pr-${{ github.event.pull_request.number }}" >> .env | ||
|
|
||
| - name: Install Dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Build Preview | ||
| run: npm run build | ||
|
|
||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_PREVIEW_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_PREVIEW_SECRET_ACCESS_KEY }} | ||
| aws-region: ap-northeast-2 | ||
|
|
||
| - name: Deploy to S3 Preview Bucket | ||
| run: | | ||
| aws s3 sync ./dist s3://${{ secrets.AWS_PREVIEW_BUCKET_NAME }}/pr-${{ github.event.pull_request.number }}/ --delete | ||
|
|
||
| - name: Deploy OAuth Redirect Handler | ||
| run: | | ||
| cat > /tmp/oauth-handler.html << 'OAUTH_EOF' | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head><title>Redirecting...</title></head> | ||
| <body> | ||
| <script> | ||
| var params = new URLSearchParams(window.location.search); | ||
| var state = params.get('state'); | ||
| if (state) { | ||
| params.delete('state'); | ||
| window.location.replace(state + '/oauth?' + params.toString()); | ||
| } | ||
| </script> | ||
| </body> | ||
| </html> | ||
| OAUTH_EOF | ||
|
Comment on lines
+54
to
+69
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
또한 🔒 state 파라미터 검증 추가 <script>
var params = new URLSearchParams(window.location.search);
var state = params.get('state');
- if (state) {
+ if (state && /^\/pr-\d+$/.test(state)) {
params.delete('state');
window.location.replace(state + '/oauth?' + params.toString());
+ } else {
+ window.location.replace('/oauth?' + params.toString());
}
</script>🤖 Prompt for AI Agents |
||
| aws s3 cp /tmp/oauth-handler.html s3://${{ secrets.AWS_PREVIEW_BUCKET_NAME }}/oauth --content-type "text/html" | ||
|
|
||
| - name: Invalidate CloudFront Cache | ||
| run: | | ||
| aws cloudfront create-invalidation \ | ||
| --distribution-id ${{ secrets.AWS_PREVIEW_CLOUDFRONT_ID }} \ | ||
| --paths "/pr-${{ github.event.pull_request.number }}/*" "/oauth" | ||
|
|
||
| - name: Comment Preview URL on PR | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const prNumber = context.payload.pull_request.number; | ||
| const url = `https://preview.debate-timer.com/pr-${prNumber}/`; | ||
|
|
||
| const body = `## 🚀 Preview 배포 완료! | ||
|
|
||
| | 환경 | URL | | ||
| |-----|-----| | ||
| | Preview | [열기](${url}) | | ||
| | API | Dev 환경 | | ||
|
|
||
| > PR이 닫히면 자동으로 정리됩니다.`; | ||
|
|
||
| const { data: comments } = await github.rest.issues.listComments({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: prNumber, | ||
| }); | ||
|
|
||
| const existing = comments.find(c => | ||
| c.user.login === 'github-actions[bot]' && | ||
| c.body.includes('Preview 배포 완료') | ||
| ); | ||
|
|
||
| if (existing) { | ||
| await github.rest.issues.updateComment({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| comment_id: existing.id, | ||
| body | ||
| }); | ||
| } else { | ||
| await github.rest.issues.createComment({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: prNumber, | ||
| body | ||
| }); | ||
| } | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,7 +16,9 @@ import { DebateTemplate } from '../type/type'; | |
| function createTableShareUrl(encodeData: string): string { | ||
| const baseUrl = import.meta.env.VITE_SHARE_BASE_URL || window.location.origin; | ||
| const normalizedBaseUrl = baseUrl.replace(/\/+$/, ''); | ||
| return `${normalizedBaseUrl}/share?data=${encodeData}`; | ||
| const basePath = import.meta.env.VITE_BASE_PATH; | ||
| const pathPrefix = basePath && basePath !== '/' ? basePath : ''; | ||
|
Comment on lines
+19
to
+20
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
| return `${normalizedBaseUrl}${pathPrefix}/share?data=${encodeData}`; | ||
| } | ||
| interface DebateTemplateList { | ||
| ONE: DebateTemplate[]; | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -33,7 +33,9 @@ | |
| const isArgsValid = isPollIdValid && isTableIdValid; | ||
|
|
||
| const voteUrl = useMemo(() => { | ||
| return `${baseUrl}/vote/${pollId}`; | ||
| const basePath = import.meta.env.VITE_BASE_PATH; | ||
| const pathPrefix = basePath && basePath !== '/' ? basePath : ''; | ||
| return `${baseUrl}${pathPrefix}/vote/${pollId}`; | ||
|
Comment on lines
+36
to
+38
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
| }, [baseUrl, pollId]); | ||
|
|
||
| const handleGoToResult = () => { | ||
|
|
@@ -86,7 +88,7 @@ | |
| return ( | ||
| <DefaultLayout> | ||
| <DefaultLayout.ContentContainer> | ||
| <ErrorIndicator onClickRetry={() => navigate(buildLangPath('/', lang))}> | ||
| {t('유효하지 않은 투표 링크입니다.')} | ||
| </ErrorIndicator> | ||
| </DefaultLayout.ContentContainer> | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,12 +7,18 @@ export const oAuthLogin = () => { | |
| throw new Error('OAuth 정보가 없습니다.'); | ||
| } | ||
|
|
||
| const params = { | ||
| const params: Record<string, string> = { | ||
| client_id: import.meta.env.VITE_GOOGLE_O_AUTH_CLIENT_ID, | ||
| redirect_uri: import.meta.env.VITE_GOOGLE_O_AUTH_REDIRECT_URI, | ||
| response_type: 'code', | ||
| scope: 'openid profile email', | ||
| }; | ||
|
|
||
| const basePath = import.meta.env.VITE_BASE_PATH; | ||
| if (basePath && basePath !== '/') { | ||
| params.state = basePath; | ||
| } | ||
|
Comment on lines
+17
to
+20
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. OAuth OAuth 공격자가
🤖 Prompt for AI Agents |
||
|
|
||
| const queryString = new URLSearchParams(params).toString(); | ||
| const googleOAuthUrl = `${import.meta.env.VITE_GOOGLE_O_AUTH_REQUEST_URL}?${queryString}`; | ||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
S3 삭제 후 CloudFront 캐시 무효화가 누락되었습니다.
deploy-preview.yml에서는 CloudFront 무효화를 수행하지만, 정리 워크플로우에서는 S3 객체만 삭제합니다. 캐시된 콘텐츠가 CloudFront 엣지에 남아 있어 삭제된 프리뷰가 TTL 만료 전까지 계속 제공될 수 있습니다.🛠️ CloudFront 무효화 단계 추가
- name: Delete Preview from S3 run: | aws s3 rm s3://${{ secrets.AWS_PREVIEW_BUCKET_NAME }}/pr-${{ github.event.pull_request.number }}/ --recursive + + - name: Invalidate CloudFront Cache + run: | + aws cloudfront create-invalidation \ + --distribution-id ${{ secrets.AWS_PREVIEW_CLOUDFRONT_ID }} \ + --paths "/pr-${{ github.event.pull_request.number }}/*"📝 Committable suggestion
🤖 Prompt for AI Agents