diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml
index 7fd3a49..9011b37 100644
--- a/.github/workflows/backend.yml
+++ b/.github/workflows/backend.yml
@@ -64,10 +64,12 @@ jobs:
 if [ "${{ github.ref_name }}" = "develop" ]; then
 echo "Deploying to dev stage..."
+ export ALLOWED_REFERER="${{ secrets.ALLOWED_REFERER_DEV }}"
 npm run deploy:dev
 # 例) package.json: "deploy:dev": "serverless deploy --stage dev"
 elif [ "${{ github.ref_name }}" = "main" ]; then
 echo "Deploying to prod stage..."
+ export ALLOWED_REFERER="${{ secrets.ALLOWED_REFERER_PROD }}"
 npm run deploy:prod
 # 例) package.json: "deploy:prod": "serverless deploy --stage prod"
 else
diff --git a/backend/package.json b/backend/package.json
index ec61314..beefc27 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -5,7 +5,8 @@
 "scripts": {
 "build": "tsc",
 "dev:local": "npm run build && env-cmd -f .env.local serverless offline --stage dev",
- "deploy:dev": "npm run build && env-cmd -f .env.dev serverless deploy --stage dev",
+ "deploy:dev:local": "npm run build && env-cmd -f .env.dev serverless deploy --stage dev",
+ "deploy:dev": "npm run build && serverless deploy --stage dev",
 "deploy:prod": "npm run build && env-cmd -f .env.prod serverless deploy --stage prod",
 "test": "echo 'No tests yet' && exit 0"
 },
diff --git a/backend/serverless.yml b/backend/serverless.yml
index 9d3433f..9fc4cae 100644
--- a/backend/serverless.yml
+++ b/backend/serverless.yml
@@ -26,7 +26,7 @@ provider:
 environment:
 BUCKET_NAME: ${env:BUCKET_NAME} # S3バケット名 (ローカルなら .env.dev など、CI/CD は secrets)
 S3_PREFIX: ${self:custom.prefixes.${self:provider.stage}}
- ALLOWED_REFERER: ${self:custom.allowedReferers.${self:provider.stage}}
+ ALLOWED_REFERER: ${env:ALLOWED_REFERER}
 iamRoleStatements:
 - Effect: "Allow"
@@ -64,7 +64,3 @@ custom:
 prefixes:
 dev: dev/
 prod: prod/
-
- allowedReferers:
- dev: "localhost:5173, dev.mydomain.com"
- prod: "mydomain.com"
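Review bot: In `.github/workflows/backend.yml`, both added `export ALLOWED_REFERER="${{ secrets.… }}"` lines paste the secret's value into the script text before the shell parses it, so a value containing `"`, `$` or a backtick changes the script instead of just the variable. Pass the secrets through the step's `env:` map and read them as shell variables; the existing `${{ github.ref_name }}` comparisons in the same script would benefit from the same treatment. An unset secret also expands to an empty string and the deploy proceeds, so the sketch below uses `${VAR:?}` to stop the step in that case. The step's `run:` key and the start of the script are outside the hunk, so the placement of `env:` is assumed.

```yaml
env:
  REF_NAME: ${{ github.ref_name }}
  ALLOWED_REFERER_DEV: ${{ secrets.ALLOWED_REFERER_DEV }}
  ALLOWED_REFERER_PROD: ${{ secrets.ALLOWED_REFERER_PROD }}
run: |
  if [ "$REF_NAME" = "develop" ]; then
    # … unchanged: echo …
    export ALLOWED_REFERER="${ALLOWED_REFERER_DEV:?ALLOWED_REFERER_DEV is empty}"
    # … unchanged: npm run deploy:dev …
  elif [ "$REF_NAME" = "main" ]; then
    # … unchanged: echo …
    export ALLOWED_REFERER="${ALLOWED_REFERER_PROD:?ALLOWED_REFERER_PROD is empty}"
    # … unchanged: npm run deploy:prod and the else branch …
```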
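Review bot: In `backend/package.json`, `deploy:prod` still runs through `env-cmd -f .env.prod`, while the workflow's `main` branch now exports `ALLOWED_REFERER` and calls `npm run deploy:prod`. If `.env.prod` is absent on the runner the script likely fails, and if it is present its values may take precedence over the exported secret, so the two stages no longer behave alike. Mirror the dev split: `"deploy:prod:local": "npm run build && env-cmd -f .env.prod serverless deploy --stage prod"` and `"deploy:prod": "npm run build && serverless deploy --stage prod"`.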
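Review bot: In `backend/serverless.yml`, the new `ALLOWED_REFERER: ${env:ALLOWED_REFERER}` has no comment, unlike `BUCKET_NAME` above it, and nothing tells a reader the expected format or that every deploy path must now set it (`.env.local` for `dev:local` included). Suggested comment: `# comma-separated allowed Referer hosts, e.g. "localhost:5173, dev.mydomain.com"; required, from .env.* locally and CI secrets`. Since the `Referer` header is supplied by the client, the handler (not shown) should treat this list as a hotlink filter rather than as authorization. The `provider` block continues outside the hunk.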