go 버전업 && ory 설정파일들 자동 생성 스크립트 추가

test/ory_v26_compose_policy_test.sh

@@ -67,6 +67,30 @@ for compose_file in "$repo_root/compose.ory.yaml" "$repo_root/docker/compose.ory
   fi
 done
 
+for stack_check_file in \
+  "$repo_root/compose.ory.yaml" \
+  "$repo_root/docker/compose.ory.yaml" \
+  "$repo_root/docker/staging_pull_compose.template.yaml" \
+  "$repo_root/deploy/templates/docker-compose.yaml"
+do
+  if grep -q 'until curl -s http://' "$stack_check_file"; then
+    echo "ERROR: Ory stack check must not wait forever; use bounded readiness checks in $stack_check_file." >&2
+    exit 1
+  fi
+  if ! grep -q 'ORY_STACK_CHECK_MAX_ATTEMPTS' "$stack_check_file"; then
+    echo "ERROR: Ory stack check must expose ORY_STACK_CHECK_MAX_ATTEMPTS in $stack_check_file." >&2
+    exit 1
+  fi
+  if ! grep -q 'ERROR: Ory service not ready' "$stack_check_file"; then
+    echo "ERROR: Ory stack check must report the failed service name in $stack_check_file." >&2
+    exit 1
+  fi
+  if ! grep -q 'check_ready kratos .* || exit 1' "$stack_check_file"; then
+    echo "ERROR: Ory stack check must raise a non-zero exit when Kratos is not ready in $stack_check_file." >&2
+    exit 1
+  fi
+done
+
 for expected_url in \
   "https://compose-policy.example.test/sso/oidc" \
   "https://compose-policy.example.test/sso/login" \
@@ -189,17 +213,17 @@ done
 deploy_template="$repo_root/deploy/templates/docker-compose.yaml"
 deploy_env_template="$repo_root/deploy/templates/.env.template"
 deploy_gateway_template="$repo_root/deploy/templates/gateway/nginx.conf"
-deploy_kratos_template="$repo_root/deploy/templates/ory/kratos/kratos.yml"
+deploy_kratos_template="$repo_root/deploy/templates/ory/kratos/kratos.yml.template"
 deploy_oathkeeper_rules_template="$repo_root/deploy/templates/ory/oathkeeper/rules.json"
 
 for required_template in \
   "$repo_root/deploy/templates/orgfront/vite.config.ts" \
   "$repo_root/deploy/templates/orgfront/auth.ts" \
   "$repo_root/docker/ory/init-db/01_create_dbs.sh" \
-  "$repo_root/docker/ory/hydra/hydra.yml" \
-  "$repo_root/docker/ory/keto/keto.yml" \
+  "$repo_root/docker/ory/hydra/hydra.yml.template" \
+  "$repo_root/docker/ory/keto/keto.yml.template" \
   "$repo_root/docker/ory/oathkeeper/entrypoint.sh" \
-  "$repo_root/docker/ory/oathkeeper/oathkeeper.yml"
+  "$repo_root/docker/ory/oathkeeper/oathkeeper.yml.template"
 do
   if [[ ! -f "$required_template" ]]; then
     echo "ERROR: deploy instance generation requires missing source file: $required_template" >&2
@@ -214,8 +238,8 @@ fi
 
 for prod_sensitive_file in \
   "$repo_root/docker/ory/oathkeeper/rules.prod.json" \
-  "$repo_root/docker/ory/kratos/kratos.yml" \
-  "$repo_root/deploy/templates/ory/kratos/kratos.yml"
+  "$repo_root/docker/ory/kratos/kratos.yml.template" \
+  "$repo_root/deploy/templates/ory/kratos/kratos.yml.template"
 do
   if grep -q "app\\.brsw\\.kr" "$prod_sensitive_file"; then
     echo "ERROR: Ory production-sensitive config must not hard-code app.brsw.kr: $prod_sensitive_file" >&2
@@ -223,6 +247,51 @@ do
   fi
 done
 
+for compose_file in "$repo_root/compose.ory.yaml" "$repo_root/docker/compose.ory.yaml" "$repo_root/docker/staging_pull_compose.template.yaml"; do
+  if grep -Eq './docker/ory/(kratos|hydra|keto|oathkeeper):/etc/config/' "$compose_file"; then
+    echo "ERROR: Ory compose must mount rendered config/.generated/ory config, not source templates: $compose_file" >&2
+    exit 1
+  fi
+done
+
+if grep -Eq '\./ory/(kratos|hydra|keto|oathkeeper):/etc/config/' "$deploy_template"; then
+  echo "ERROR: deploy template must mount rendered config/.generated/ory config, not source templates." >&2
+  exit 1
+fi
+
+if grep -q 'ory/generated' "$deploy_template" "$repo_root/deploy/create-instance.sh"; then
+  echo "ERROR: deploy template must use config/.generated/ory, not ory/generated." >&2
+  exit 1
+fi
+
+if ! grep -q '^render-ory-config:' "$repo_root/Makefile"; then
+  echo "ERROR: Makefile must render Ory config before starting Ory services." >&2
+  exit 1
+fi
+
+if ! grep -q 'scripts/render_ory_config.sh' "$repo_root/.gitea/workflows/staging_code_pull.yml"; then
+  echo "ERROR: staging code pull must render Ory config before docker compose up." >&2
+  exit 1
+fi
+
+"$repo_root/scripts/render_ory_config.sh" >/dev/null
+
+for generated_config in \
+  "$repo_root/config/.generated/ory/kratos/kratos.yml" \
+  "$repo_root/config/.generated/ory/hydra/hydra.yml" \
+  "$repo_root/config/.generated/ory/keto/keto.yml" \
+  "$repo_root/config/.generated/ory/oathkeeper/oathkeeper.yml"
+do
+  if [[ ! -f "$generated_config" ]]; then
+    echo "ERROR: Ory rendered config is missing: $generated_config" >&2
+    exit 1
+  fi
+  if grep -q '\${' "$generated_config"; then
+    echo "ERROR: Ory rendered config must not contain placeholders: $generated_config" >&2
+    exit 1
+  fi
+done
+
 for service in kratos-migrate kratos hydra-migrate hydra keto-migrate keto oathkeeper_logs_init oathkeeper; do
   if ! grep -q "^  $service:" "$deploy_template"; then
     echo "ERROR: deploy template Ory stack must include service: $service" >&2