From 4df3fafe18370bcc440715b5fecadc5505f9da31 Mon Sep 17 00:00:00 2001
From: icurfer
Date: Sun, 19 Apr 2026 01:06:24 +0900
Subject: [PATCH] =?UTF-8?q?verifier:=20private.pem=20=EC=9D=98=EC=A1=B4=20?= =?UTF-8?q?=EC=A0=9C=EA=B1=B0=20+=20CI=20trigger=20=ED=91=9C=EC=A4=80?= =?UTF-8?q?=ED=99=94?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- settings.py: ISTIO_JWT 모드에서 verifier는 public.pem만 로드 (기존 코드가 무조건 private.pem 읽어 Secret 미생성 시 크래시)
- version 파치 증가
- CI 트리거를 version 파일 변경 시로 제한 (이미지 태그 불변성 보장)

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 .github/workflows/build.yaml | 4 ++++
 ansible_prj/settings.py | 5 +----
 version | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index f901898..b6825fd 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -5,8 +5,12 @@ run-name: ${{ gitea.actor }} is runs ci pipeline
 on:
 push:
 branches: [ "main" ]
+ paths:
+ - 'version'
 pull_request:
 branches: [ "main" ]
+ paths:
+ - 'version'
 # paths-ignore:
 # - LICENCE
 # - 'docs/**'
diff --git a/ansible_prj/settings.py b/ansible_prj/settings.py
index ebbf25d..a4e622c 100644
--- a/ansible_prj/settings.py
+++ b/ansible_prj/settings.py
@@ -184,10 +184,7 @@ WSGI_APPLICATION = 'ansible_prj.wsgi.application'
 ISTIO_JWT = os.environ.get("ISTIO_JWT", "0") == "1"
 if ISTIO_JWT:
- # RS256 모드
- # 운영환경에서 key파일은 POD mount로 적용하는게 안전
- with open(BASE_DIR / "keys/private.pem", "r") as f:
- PRIVATE_KEY = f.read()
+ # RS256 모드 - verifier 역할이므로 public key만 로드
 with open(BASE_DIR / "keys/public.pem", "r") as f:
 PUBLIC_KEY = f.read()
diff --git a/version b/version
index b52cc10..71ad83c 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-v0.0.12
\ No newline at end of file
+v0.0.13
\ No newline at end of file
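Review bot: The `paths: - 'version'` filter added under `pull_request` means a pull request that changes code without touching `version` triggers no pipeline run at all, so a change like the settings.py edit is only built once someone bumps the version. If the jobs further down the workflow (outside this hunk) include tests or scans, consider leaving `pull_request` unfiltered and gating only the image push on the version change. The filter also does not make tags immutable by itself, since a manual re-run of the same commit would presumably rebuild and overwrite the existing tag; enforcing immutability in the registry, or failing the push when the tag already exists, would back the claim in the commit message. The leftover `# paths-ignore:` comment block is worth deleting now that `paths` is set, to avoid someone enabling both filters on the same event.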
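Review bot: With `PRIVATE_KEY` no longer assigned under `if ISTIO_JWT:`, any setting that still reads it in this mode (for example a signing-key entry in a JWT configuration dict, which would sit outside this hunk) will fail at import with a NameError, so please confirm nothing further down references it. The removed comment about mounting key files into the pod still applies to `public.pem`, because that file is the trust anchor for every token the verifier accepts; I would keep it as `# public.pem is the verification trust anchor: mount it read-only into the pod`. The `open()` of `public.pem` remains unconditional, so a missing file stops startup; that is the right fail-closed behaviour for a verifier, but a one-line comment saying it is intentional would help. The `if ISTIO_JWT:` block appears to continue past the end of the hunk.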