2025-Spring-CloudNative · cmyang1218 · May 26, 2025 · May 26, 2025 · May 26, 2025 · May 26, 2025
diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml
@@ -29,7 +29,14 @@ jobs:
 
             - name: Run Tests
               run: npm run test
+    deploy:
+        needs: test
+        runs-on: ubuntu-latest
 
+        steps:
+            - name: Checkout Repository
+              uses: actions/checkout@v4
+
             - name: Authenticate to Google Cloud
               uses: google-github-actions/auth@v2
               with:
@@ -57,3 +64,10 @@ jobs:
                 service: dc-manager-backend
                 image: asia-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dc-manager-backend/dc-manager-backend-cloud:${{ github.sha }}
                 region: asia-east1
+                flags: --port=4000 --allow-unauthenticated --add-cloudsql-instances=${{ secrets.CLOUD_SQL_INSTANCE }}
+                env_vars: |
+                  NODE_ENV=prod
+                  DATABASE_URL=postgres://${{ secrets.DB_USER }}:${{ secrets.DB_PASSWORD }}@/\
+                  ${{ secrets.DB_NAME }}?host=/cloudsql/${{ secrets.CLOUD_SQL_INSTANCE }}
+                  ACCESS_SECRET=${{ secrets.ACCESS_SECRET }}
+                  REFRESH_SECRET=${{ secrets.REFRESH_SECRET }}
diff --git a/src/domain/rbac/policy.ts b/src/domain/rbac/policy.ts
@@ -11,6 +11,8 @@ const resources = [
     "Machine",
     "Service",
     "Subnet",
+    "IPPool",
+    "IPAddress",
     "User"
 ] as const
 export type Resource = (typeof resources)[number]
@@ -56,6 +58,14 @@ export const POLICY: RBACPolicy = {
             resource: "Subnet",
             action: ["read"]
         },
+        {
+            resource: "IPPool",
+            action: ["read"]
+        },
+        {
+            resource: "IPAddress",
+            action: ["read"]
+        },
         {
             resource: "User",
             action: ["*"]

diff --git a/src/presentation/server/controllers/auth.controller.ts b/src/presentation/server/controllers/auth.controller.ts
@@ -25,8 +25,8 @@ export async function userRegister(req: Request, res: Response) {
         )
         res.cookie('refreshToken', refreshToken, {
             httpOnly: true,
-            secure: false,
-            sameSite: 'strict'
+            secure: process.env.NODE_ENV === 'prod',
+            sameSite: process.env.NODE_ENV === 'prod' ? 'none' : 'strict'
         })
 
         res.status(201).json({
@@ -59,8 +59,8 @@ export async function userLogin(req: Request, res: Response) {
         )
         res.cookie('refreshToken', refreshToken, {
             httpOnly: true,
-            secure: false,
-            sameSite: 'strict'
+            secure: process.env.NODE_ENV === 'prod',
+            sameSite: process.env.NODE_ENV === 'prod' ? 'none' : 'strict'
         })
 
         res.status(200).json({

diff --git a/src/presentation/server/middleware/auth.middleware.ts b/src/presentation/server/middleware/auth.middleware.ts
@@ -67,6 +67,8 @@ const resourceToResourceMap: Record<string, Resource> = {
     machine: "Machine",
     service: "Service",
     subnet: "Subnet",
+    "ip-pool": "IPPool",
+    "ip-address": "IPAddress",
     user: "User",
     auth: "User"
 }