
go 버전업 && ory 설정파일들 자동 생성 스크립트 추가

2026-05-07 11:01:25 +09:00
parent 45a14163bf
commit 2cba9c9c1f
25 changed files with 504 additions and 144 deletions


@@ -0,0 +1,78 @@
#!/usr/bin/env bash
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
TARGET_GO_VERSION="1.26.2"
GO_MOD="$ROOT_DIR/backend/go.mod"
BACKEND_DOCKERFILE="$ROOT_DIR/backend/Dockerfile"
LOCAL_COMPOSE="$ROOT_DIR/docker-compose.yaml"
STAGING_COMPOSE="$ROOT_DIR/docker/docker-compose.staging.template.yaml"
PULL_COMPOSE="$ROOT_DIR/docker/staging_pull_compose.template.yaml"
DEPLOY_TEMPLATE="$ROOT_DIR/deploy/templates/docker-compose.yaml"
README="$ROOT_DIR/README.md"
README_EN="$ROOT_DIR/README_en.md"
TEST_GUIDE="$ROOT_DIR/docs/TEST_GUIDE.md"
COMPLETION_REPORT="$ROOT_DIR/docs/개발완료보고서.md"
for file in \
"$GO_MOD" \
"$BACKEND_DOCKERFILE" \
"$LOCAL_COMPOSE" \
"$STAGING_COMPOSE" \
"$PULL_COMPOSE" \
"$DEPLOY_TEMPLATE" \
"$README" \
"$README_EN" \
"$TEST_GUIDE" \
"$COMPLETION_REPORT"
do
if [[ ! -f "$file" ]]; then
echo "ERROR: expected file not found: $file" >&2
exit 1
fi
done
if ! grep -Eq "^go ${TARGET_GO_VERSION}$" "$GO_MOD"; then
echo "ERROR: backend go.mod must use go ${TARGET_GO_VERSION}." >&2
exit 1
fi
if ! grep -Eq "^FROM golang:${TARGET_GO_VERSION}-alpine$" "$BACKEND_DOCKERFILE"; then
echo "ERROR: backend Dockerfile must use golang:${TARGET_GO_VERSION}-alpine." >&2
exit 1
fi
for file in "$LOCAL_COMPOSE" "$PULL_COMPOSE"; do
if ! grep -Fq "context: ./backend" "$file" && ! grep -Fq "context: ../../backend" "$file"; then
echo "ERROR: backend compose build context is missing in $file." >&2
exit 1
fi
done
for file in "$STAGING_COMPOSE" "$DEPLOY_TEMPLATE"; do
if ! grep -Eq "^[[:space:]]+backend:$" "$file"; then
echo "ERROR: backend service is missing in $file." >&2
exit 1
fi
done
legacy_refs="$(
grep -R -nE "golang:1\\.25|^go 1\\.25" \
"$ROOT_DIR/backend" \
"$ROOT_DIR/docker-compose.yaml" \
"$ROOT_DIR/docker" \
"$ROOT_DIR/deploy/templates" \
"$README" \
"$README_EN" \
"$TEST_GUIDE" \
"$COMPLETION_REPORT" || true
)"
if [[ -n "$legacy_refs" ]]; then
echo "ERROR: legacy backend Go version references remain." >&2
echo "$legacy_refs" >&2
exit 1
fi
echo "OK: backend Go base version policy is ${TARGET_GO_VERSION}"
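Review bot: The two version checks interpolate `TARGET_GO_VERSION` into an extended regex, so each `.` in `1.26.2` matches any character, and the Dockerfile pattern is anchored at `-alpine$`. For go.mod a fixed-string whole-line match is stricter and simpler: `grep -Fxq "go ${TARGET_GO_VERSION}" "$GO_MOD"`. The `-alpine$` anchor also means a digest-pinned base image (`golang:<tag>-alpine@sha256:<digest>`) or a named build stage (`... AS builder`) fails this policy, so the check as written prevents pinning the base image by digest; allowing an optional `@sha256:` suffix would let the policy coexist with that hardening. Separately, `|| true` on the legacy scan also hides grep's exit status 2 (for example an unreadable path), in which case `legacy_refs` stays empty and the script prints OK.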


@@ -30,6 +30,11 @@ if ! grep -q "Ensuring Ory stack" <<<"$dry_run_dev"; then
exit 1
fi
if ! grep -q "Rendering Ory config" <<<"$dry_run_dev"; then
echo "make dev must render Ory config before starting services." >&2
exit 1
fi
app_up_line="$(
grep -E "docker compose .* -f docker-compose.yaml up .*backend.*adminfront" <<<"$dry_run_dev" | tail -1
)"
@@ -44,6 +49,11 @@ if grep -q -- " -d" <<<"$app_up_line"; then
exit 1
fi
if ! grep -q -- " --build" <<<"$app_up_line"; then
echo "make dev must rebuild app service images before starting development containers." >&2
exit 1
fi
dry_run_up_dev="$(
make --dry-run --always-make -C "$repo_root" up-dev 2>&1
)"
@@ -67,6 +77,20 @@ if ! grep -q "Starting App stack (backend/userfront/adminfront/devfront/orgfront
exit 1
fi
if ! grep -q "Rendering Ory config" <<<"$dry_run_up_app"; then
echo "make up-app must render Ory config before starting services." >&2
exit 1
fi
up_app_line="$(
grep -E "docker compose .* -f docker-compose.yaml up .*backend.*adminfront.*devfront.*orgfront.*userfront|docker compose .* -f docker-compose.yaml up " <<<"$dry_run_up_app" | tail -1
)"
if ! grep -q -- " --build" <<<"$up_app_line"; then
echo "make up-app must rebuild app service images before starting containers." >&2
exit 1
fi
dry_run_up_all="$(
make --dry-run --always-make -C "$repo_root" up-all 2>&1
)"
@@ -84,6 +108,16 @@ if ! grep -q "Starting ALL stacks (infra + ory + app)" <<<"$dry_run_up"; then
exit 1
fi
if ! grep -q "config/.generated/auth-config.env" <<<"$dry_run_up"; then
echo "make up must use generated env from config/.generated." >&2
exit 1
fi
if ! grep -q "Rendering Ory config" <<<"$dry_run_up"; then
echo "make up must render Ory config before compose up." >&2
exit 1
fi
if ! grep -q "Ensuring Docker networks" <<<"$dry_run_up_all"; then
echo "make up-all must ensure external Docker networks before compose up." >&2
exit 1
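Review bot: In the `up_app_line` selection of the third hunk, the second alternative of the pattern (`docker compose .* -f docker-compose.yaml up `) matches every line the first alternative matches, so the service-name list in the first alternative has no effect. Combined with `tail -1`, the `--build` check then runs against whichever `docker compose ... up` line comes last in the dry-run output, which is not necessarily the app-stack line. Either drop the fallback alternative or select the line by the app service names only. If this script runs under `set -euo pipefail` (not visible in these hunks), a non-matching grep inside the `$( … | tail -1)` assignment would also abort before the explicit error message is printed.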


@@ -3,6 +3,8 @@ set -euo pipefail
repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
"$repo_root/scripts/render_ory_config.sh" >/dev/null
docker run --rm \
-e ORY_CLICKHOUSE_USER=ory \
-e ORY_CLICKHOUSE_PASSWORD=orypass \
@@ -14,12 +16,12 @@ if grep -q '/etc/config/oathkeeper/rules.active.json' "$repo_root/docker/ory/oat
exit 1
fi
if ! grep -q 'file:///tmp/oathkeeper/rules.active.json' "$repo_root/docker/ory/oathkeeper/oathkeeper.yml"; then
if ! grep -q 'file:///tmp/oathkeeper/rules.active.json' "$repo_root/config/.generated/ory/oathkeeper/oathkeeper.yml"; then
echo "ERROR: Oathkeeper config must load active rules from writable runtime storage." >&2
exit 1
fi
if ! grep -q '^version: v26.2.0$' "$repo_root/docker/ory/kratos/kratos.yml"; then
if ! grep -q '^version: v26.2.0$' "$repo_root/config/.generated/ory/kratos/kratos.yml"; then
echo "ERROR: Kratos config version must match the v26.2.0 runtime." >&2
exit 1
fi
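Review bot: The negative check shown in the second hunk header still greps a path under `docker/ory/oat…` (truncated here), while the positive checks below it were moved to `config/.generated/ory/...`. If that path is still `docker/ory/oathkeeper/oathkeeper.yml` and the file has been replaced by a `.template` source, as the other test changes in this commit suggest, `grep -q` errors on the missing file and the `if grep -q …` branch is simply not taken, so the check passes without inspecting anything. Pointing it at `"$repo_root/config/.generated/ory/oathkeeper/oathkeeper.yml"` and testing `[[ -f … ]]` on that file before the greps would keep the read-only-path rule enforced on the config that is actually mounted. That line is outside the hunk, so this should be confirmed against the full file.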


@@ -67,6 +67,30 @@ for compose_file in "$repo_root/compose.ory.yaml" "$repo_root/docker/compose.ory
fi
done
for stack_check_file in \
"$repo_root/compose.ory.yaml" \
"$repo_root/docker/compose.ory.yaml" \
"$repo_root/docker/staging_pull_compose.template.yaml" \
"$repo_root/deploy/templates/docker-compose.yaml"
do
if grep -q 'until curl -s http://' "$stack_check_file"; then
echo "ERROR: Ory stack check must not wait forever; use bounded readiness checks in $stack_check_file." >&2
exit 1
fi
if ! grep -q 'ORY_STACK_CHECK_MAX_ATTEMPTS' "$stack_check_file"; then
echo "ERROR: Ory stack check must expose ORY_STACK_CHECK_MAX_ATTEMPTS in $stack_check_file." >&2
exit 1
fi
if ! grep -q 'ERROR: Ory service not ready' "$stack_check_file"; then
echo "ERROR: Ory stack check must report the failed service name in $stack_check_file." >&2
exit 1
fi
if ! grep -q 'check_ready kratos .* || exit 1' "$stack_check_file"; then
echo "ERROR: Ory stack check must raise a non-zero exit when Kratos is not ready in $stack_check_file." >&2
exit 1
fi
done
for expected_url in \
"https://compose-policy.example.test/sso/oidc" \
"https://compose-policy.example.test/sso/login" \
@@ -189,17 +213,17 @@ done
deploy_template="$repo_root/deploy/templates/docker-compose.yaml"
deploy_env_template="$repo_root/deploy/templates/.env.template"
deploy_gateway_template="$repo_root/deploy/templates/gateway/nginx.conf"
deploy_kratos_template="$repo_root/deploy/templates/ory/kratos/kratos.yml"
deploy_kratos_template="$repo_root/deploy/templates/ory/kratos/kratos.yml.template"
deploy_oathkeeper_rules_template="$repo_root/deploy/templates/ory/oathkeeper/rules.json"
for required_template in \
"$repo_root/deploy/templates/orgfront/vite.config.ts" \
"$repo_root/deploy/templates/orgfront/auth.ts" \
"$repo_root/docker/ory/init-db/01_create_dbs.sh" \
"$repo_root/docker/ory/hydra/hydra.yml" \
"$repo_root/docker/ory/keto/keto.yml" \
"$repo_root/docker/ory/hydra/hydra.yml.template" \
"$repo_root/docker/ory/keto/keto.yml.template" \
"$repo_root/docker/ory/oathkeeper/entrypoint.sh" \
"$repo_root/docker/ory/oathkeeper/oathkeeper.yml"
"$repo_root/docker/ory/oathkeeper/oathkeeper.yml.template"
do
if [[ ! -f "$required_template" ]]; then
echo "ERROR: deploy instance generation requires missing source file: $required_template" >&2
@@ -214,8 +238,8 @@ fi
for prod_sensitive_file in \
"$repo_root/docker/ory/oathkeeper/rules.prod.json" \
"$repo_root/docker/ory/kratos/kratos.yml" \
"$repo_root/deploy/templates/ory/kratos/kratos.yml"
"$repo_root/docker/ory/kratos/kratos.yml.template" \
"$repo_root/deploy/templates/ory/kratos/kratos.yml.template"
do
if grep -q "app\\.brsw\\.kr" "$prod_sensitive_file"; then
echo "ERROR: Ory production-sensitive config must not hard-code app.brsw.kr: $prod_sensitive_file" >&2
@@ -223,6 +247,51 @@ do
fi
done
for compose_file in "$repo_root/compose.ory.yaml" "$repo_root/docker/compose.ory.yaml" "$repo_root/docker/staging_pull_compose.template.yaml"; do
if grep -Eq './docker/ory/(kratos|hydra|keto|oathkeeper):/etc/config/' "$compose_file"; then
echo "ERROR: Ory compose must mount rendered config/.generated/ory config, not source templates: $compose_file" >&2
exit 1
fi
done
if grep -Eq '\./ory/(kratos|hydra|keto|oathkeeper):/etc/config/' "$deploy_template"; then
echo "ERROR: deploy template must mount rendered config/.generated/ory config, not source templates." >&2
exit 1
fi
if grep -q 'ory/generated' "$deploy_template" "$repo_root/deploy/create-instance.sh"; then
echo "ERROR: deploy template must use config/.generated/ory, not ory/generated." >&2
exit 1
fi
if ! grep -q '^render-ory-config:' "$repo_root/Makefile"; then
echo "ERROR: Makefile must render Ory config before starting Ory services." >&2
exit 1
fi
if ! grep -q 'scripts/render_ory_config.sh' "$repo_root/.gitea/workflows/staging_code_pull.yml"; then
echo "ERROR: staging code pull must render Ory config before docker compose up." >&2
exit 1
fi
"$repo_root/scripts/render_ory_config.sh" >/dev/null
for generated_config in \
"$repo_root/config/.generated/ory/kratos/kratos.yml" \
"$repo_root/config/.generated/ory/hydra/hydra.yml" \
"$repo_root/config/.generated/ory/keto/keto.yml" \
"$repo_root/config/.generated/ory/oathkeeper/oathkeeper.yml"
do
if [[ ! -f "$generated_config" ]]; then
echo "ERROR: Ory rendered config is missing: $generated_config" >&2
exit 1
fi
if grep -q '\${' "$generated_config"; then
echo "ERROR: Ory rendered config must not contain placeholders: $generated_config" >&2
exit 1
fi
done
for service in kratos-migrate kratos hydra-migrate hydra keto-migrate keto oathkeeper_logs_init oathkeeper; do
if ! grep -q "^ $service:" "$deploy_template"; then
echo "ERROR: deploy template Ory stack must include service: $service" >&2