chore: consolidate local integration changes

2026-06-09 21:03:05 +09:00
parent aa2848c3b6
commit 1341f07ef9
158 changed files with 10995 additions and 1490 deletions
--- a/scripts/backup/lib/postgres.sh
+++ b/scripts/backup/lib/postgres.sh
@@ -17,6 +17,10 @@ dump_baron_postgres() {
  docker exec -e "PGPASSWORD=$db_password" baron_postgres \
    psql -U "$db_user" -d "$db_name" -Atc "select schemaname || '.' || relname || ':' || (xpath('/row/c/text()', query_to_xml(format('select count(*) as c from %I.%I', schemaname, relname), false, true, '')))[1]::text from pg_stat_user_tables order by 1" \
    >"$backup_dir/reports/baron-postgres-row-counts.txt"
+
+  docker exec -e "PGPASSWORD=$db_password" baron_postgres \
+    psql -U "$db_user" -d "$db_name" -Atc "select 'public.rp_user_metadata:' || count(*) from public.rp_user_metadata union all select 'public.users.global_custom_claims:' || count(*) from public.users where metadata ? 'global_custom_claims' union all select 'public.users.global_custom_claim_types:' || count(*) from public.users where metadata ? 'global_custom_claim_types' order by 1" \
+    >"$backup_dir/reports/baron-postgres-custom-claim-counts.txt"
 }

 dump_ory_postgres() {
--- a/scripts/backup/lib/report.sh
+++ b/scripts/backup/lib/report.sh
@@ -43,6 +43,8 @@ write_backup_markdown_report() {
  local users
  local tenants
  local relying_parties
+  local rp_user_custom_claims
+  local global_custom_claim_users
  local hydra_clients
  local works_org_units
  local works_users
@@ -59,6 +61,8 @@ write_backup_markdown_report() {
  users="$(report_first_count "public.users" "$reports_dir/baron-postgres-row-counts.txt")"
  tenants="$(report_first_count "public.tenants" "$reports_dir/baron-postgres-row-counts.txt")"
  relying_parties="$(report_first_count "public.relying_parties" "$reports_dir/baron-postgres-row-counts.txt")"
+  rp_user_custom_claims="$(report_first_count "public.rp_user_metadata" "$reports_dir/baron-postgres-custom-claim-counts.txt" "$reports_dir/baron-postgres-row-counts.txt")"
+  global_custom_claim_users="$(report_first_count "public.users.global_custom_claims" "$reports_dir/baron-postgres-custom-claim-counts.txt")"
  hydra_clients="$(report_first_count "public.hydra_client" "$reports_dir/ory_hydra-row-counts.txt")"
  works_org_units="$(report_first_count "public.works_org_units" "$reports_dir/baron-postgres-row-counts.txt")"
  works_users="$(report_first_count "public.works_users" "$reports_dir/baron-postgres-row-counts.txt")"
@@ -87,6 +91,8 @@ write_backup_markdown_report() {
    printf '| 사용자 | %s |\n' "$users"
    printf '| 테넌트 | %s |\n' "$tenants"
    printf '| RP | %s |\n' "$relying_parties"
+    printf '| RP 사용자 custom claim | %s |\n' "$rp_user_custom_claims"
+    printf '| 전역 custom claim 사용자 | %s |\n' "$global_custom_claim_users"
    printf '| Hydra Client | %s |\n' "$hydra_clients"
    printf '| WORKS 조직 | %s |\n' "$works_org_units"
    printf '| WORKS 사용자 | %s |\n\n' "$works_users"
--- a/scripts/clear_orphan_tenant_memberships.sh
+++ b/scripts/clear_orphan_tenant_memberships.sh
@@ -7,6 +7,18 @@ BARON_DB_NAME="${BARON_DB_NAME:-baron_sso}"
 KRATOS_CONTAINER="${KRATOS_CONTAINER:-ory_postgres}"
 KRATOS_DB_USER="${KRATOS_DB_USER:-ory}"
 KRATOS_DB_NAME="${KRATOS_DB_NAME:-ory_kratos}"
+CONFIRM_KRATOS_DB_MAINTENANCE="${CONFIRM_KRATOS_DB_MAINTENANCE:-}"
+MARK_IDENTITY_MIRROR_STALE="${MARK_IDENTITY_MIRROR_STALE:-false}"
+
+if [[ "${CONFIRM_KRATOS_DB_MAINTENANCE}" != "baron-sso" ]]; then
+	echo "ERROR: CONFIRM_KRATOS_DB_MAINTENANCE=baron-sso is required before directly updating Kratos DB." >&2
+	exit 1
+fi
+
+if [[ "${MARK_IDENTITY_MIRROR_STALE}" != "true" ]]; then
+	echo "ERROR: MARK_IDENTITY_MIRROR_STALE=true is required after marking the Redis identity mirror stale." >&2
+	exit 1
+fi

 script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

--- a/scripts/test_staging_workflow_env.sh
+++ b/scripts/test_staging_workflow_env.sh
@@ -20,6 +20,8 @@ do
  assert_contains "$workflow" 'WORKS_ADMIN_API_BASE_URL=${{ vars.WORKS_ADMIN_API_BASE_URL }}'
  assert_contains "$workflow" 'WORKS_ADMIN_OAUTH_TOKEN_URL=${{ vars.WORKS_ADMIN_OAUTH_TOKEN_URL }}'
  assert_contains "$workflow" 'BACKEND_PUBLIC_URL=${{ vars.BACKEND_URL }}'
+  assert_contains "$workflow" 'ORGFRONT_ORGCHART_CACHE_TTL_SECONDS=${{ vars.ORGFRONT_ORGCHART_CACHE_TTL_SECONDS }}'
+  assert_contains "$workflow" "ORGFRONT_ORGCHART_CACHE_TTL_SECONDS=3600"
 done

 assert_contains ".gitea/workflows/staging_release.yml" "scp adminfront/seed-tenant.csv"
@@ -31,5 +33,7 @@ assert_contains "docker/staging_pull_compose.template.yaml" "SEED_TENANT_CSV_PAT
 assert_contains "docker/staging_pull_compose.template.yaml" "./adminfront/seed-tenant.csv:/app/seed-tenant.csv:ro"
 assert_contains "docker/staging_pull_compose.template.yaml" 'WORKS_ADMIN_API_BASE_URL=${WORKS_ADMIN_API_BASE_URL}'
 assert_contains "docker/staging_pull_compose.template.yaml" 'WORKS_ADMIN_OAUTH_TOKEN_URL=${WORKS_ADMIN_OAUTH_TOKEN_URL}'
+assert_contains "docker/docker-compose.staging.template.yaml" "ORGFRONT_ORGCHART_CACHE_TTL_SECONDS=\${ORGFRONT_ORGCHART_CACHE_TTL_SECONDS:-3600}"
+assert_contains "docker/staging_pull_compose.template.yaml" "ORGFRONT_ORGCHART_CACHE_TTL_SECONDS=\${ORGFRONT_ORGCHART_CACHE_TTL_SECONDS:-3600}"

 echo "staging workflow env checks passed"