Skip to content

Compliance PDCA: 미조치(pending) CSV 다운로드 2곳을 openCsvPreview 미리보기+다운로드로 통일 #188

Compliance PDCA: 미조치(pending) CSV 다운로드 2곳을 openCsvPreview 미리보기+다운로드로 통일

Compliance PDCA: 미조치(pending) CSV 다운로드 2곳을 openCsvPreview 미리보기+다운로드로 통일 #188

Workflow file for this run

name: deploy-mori-soc
on:
push:
branches: [main]
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
env:
DEPLOY_PATH: /backup/rmstudio/mori
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
steps:
# 배포 시크릿이 설정되지 않은 저장소(포크/데모)에서는 전체 스킵 → job 초록.
# 시크릿은 job-level if 에서 참조 불가하므로 첫 스텝에서 게이트를 만든다.
- name: Check deploy secret configured
id: guard
run: |
if [ -z "${{ secrets.DEPLOY_SSH_KEY }}" ]; then
echo "::notice::DEPLOY_SSH_KEY is not configured — skipping deploy (expected on unconfigured repos)."
echo "run=false" >> "$GITHUB_OUTPUT"
else
echo "run=true" >> "$GITHUB_OUTPUT"
fi
- name: Checkout
if: steps.guard.outputs.run == 'true'
uses: actions/checkout@v4
- name: Start SSH agent
if: steps.guard.outputs.run == 'true'
uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }}
- name: Add SSH known hosts
if: steps.guard.outputs.run == 'true'
run: |
mkdir -p ~/.ssh
if [ -n "${{ secrets.DEPLOY_KNOWN_HOSTS }}" ]; then
printf '%s\n' "${{ secrets.DEPLOY_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
else
ssh-keyscan -p "$DEPLOY_PORT" "$DEPLOY_HOST" >> ~/.ssh/known_hosts
fi
- name: Ensure remote path exists
if: steps.guard.outputs.run == 'true'
run: ssh -p "$DEPLOY_PORT" "$DEPLOY_USER@$DEPLOY_HOST" "mkdir -p '$DEPLOY_PATH'"
- name: Sync repository
if: steps.guard.outputs.run == 'true'
run: |
rsync -az --delete \
--exclude '.git/' \
--exclude '.env' \
--exclude 'certs/' \
--exclude 'reports/' \
--exclude 'config/wazuh_indexer_ssl_certs/' \
./ "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/"
- name: Upload deployment env
if: steps.guard.outputs.run == 'true'
env:
DEPLOY_ENV_FILE: ${{ secrets.DEPLOY_ENV_FILE }}
run: |
printf '%s' "$DEPLOY_ENV_FILE" | \
ssh -p "$DEPLOY_PORT" "$DEPLOY_USER@$DEPLOY_HOST" "cat > '$DEPLOY_PATH/.env'"
- name: Run remote deploy
if: steps.guard.outputs.run == 'true'
run: |
ssh -p "$DEPLOY_PORT" "$DEPLOY_USER@$DEPLOY_HOST" <<EOF
set -e
cd "$DEPLOY_PATH"
mkdir -p certs reports config/wazuh_indexer_ssl_certs
if [ ! -f config/wazuh_indexer_ssl_certs/root-ca.pem ]; then
docker compose -f generate-indexer-certs.yml run --rm generator
fi
docker compose pull
docker compose up -d --remove-orphans
docker compose ps
EOF