forked from baron/baron-sso
테스트 개선 및 프로덕션 배포준비
This commit is contained in:
@@ -254,41 +254,46 @@ jobs:
|
||||
with:
|
||||
node-version: "24"
|
||||
|
||||
- name: Setup pnpm
|
||||
uses: pnpm/action-setup@v4
|
||||
with:
|
||||
version: 10.5.2
|
||||
|
||||
- name: Install adminfront dependencies
|
||||
run: |
|
||||
cd adminfront
|
||||
npx pnpm install -C ../common --no-frozen-lockfile
|
||||
npx pnpm install --no-frozen-lockfile
|
||||
pnpm install -C ../common --no-frozen-lockfile
|
||||
pnpm install --no-frozen-lockfile
|
||||
|
||||
- name: Biome check adminfront
|
||||
run: |
|
||||
cd adminfront
|
||||
npx biome check . --formatter-enabled=false --assist-enabled=false
|
||||
npx biome check . --linter-enabled=false --assist-enabled=false
|
||||
pnpm exec biome check . --formatter-enabled=false --assist-enabled=false
|
||||
pnpm exec biome check . --linter-enabled=false --assist-enabled=false
|
||||
|
||||
- name: Install devfront dependencies
|
||||
run: |
|
||||
cd devfront
|
||||
npx pnpm install -C ../common --no-frozen-lockfile
|
||||
npx pnpm install --no-frozen-lockfile
|
||||
pnpm install -C ../common --no-frozen-lockfile
|
||||
pnpm install --no-frozen-lockfile
|
||||
|
||||
- name: Biome check devfront
|
||||
run: |
|
||||
cd devfront
|
||||
npx biome check . --formatter-enabled=false --assist-enabled=false
|
||||
npx biome check . --linter-enabled=false --assist-enabled=false
|
||||
pnpm exec biome check . --formatter-enabled=false --assist-enabled=false
|
||||
pnpm exec biome check . --linter-enabled=false --assist-enabled=false
|
||||
|
||||
- name: Install orgfront dependencies
|
||||
run: |
|
||||
cd orgfront
|
||||
npx pnpm install -C ../common --no-frozen-lockfile
|
||||
npx pnpm install --no-frozen-lockfile
|
||||
pnpm install -C ../common --no-frozen-lockfile
|
||||
pnpm install --no-frozen-lockfile
|
||||
|
||||
- name: Biome check orgfront
|
||||
run: |
|
||||
cd orgfront
|
||||
npx biome check . --formatter-enabled=false --assist-enabled=false
|
||||
npx biome check . --linter-enabled=false --assist-enabled=false
|
||||
pnpm exec biome check . --formatter-enabled=false --assist-enabled=false
|
||||
pnpm exec biome check . --linter-enabled=false --assist-enabled=false
|
||||
|
||||
backend-tests:
|
||||
needs:
|
||||
@@ -731,9 +736,9 @@ jobs:
|
||||
set +e
|
||||
cd userfront-e2e
|
||||
if [ "$USERFRONT_E2E_FULL" = "true" ]; then
|
||||
test_command="npm test"
|
||||
test_command="npx playwright test"
|
||||
else
|
||||
test_command="npm test -- --project=chromium-desktop --project=chromium-mobile-webapp"
|
||||
test_command="npx playwright test --project=chromium-desktop --project=chromium-mobile-webapp"
|
||||
fi
|
||||
workers="${USERFRONT_E2E_WORKERS:-2}"
|
||||
case "$workers" in
|
||||
@@ -759,10 +764,10 @@ jobs:
|
||||
echo "3. \`cd ../userfront && flutter build web --wasm --release\`"
|
||||
if [ "$USERFRONT_E2E_FULL" = "true" ]; then
|
||||
echo "4. \`cd ../userfront-e2e && npx playwright install --with-deps\`"
|
||||
echo "5. \`npm test\`"
|
||||
echo "5. \`npx playwright test\`"
|
||||
else
|
||||
echo "4. \`cd ../userfront-e2e && npx playwright install --with-deps chromium\`"
|
||||
echo "5. \`npm test -- --project=chromium-desktop --project=chromium-mobile-webapp\`"
|
||||
echo "5. \`npx playwright test --project=chromium-desktop --project=chromium-mobile-webapp\`"
|
||||
fi
|
||||
echo
|
||||
echo "## Log Tail (last 200 lines)"
|
||||
@@ -1250,6 +1255,11 @@ jobs:
|
||||
with:
|
||||
node-version: "24"
|
||||
|
||||
- name: Setup pnpm
|
||||
uses: pnpm/action-setup@v4
|
||||
with:
|
||||
version: 10.5.2
|
||||
|
||||
- name: Get Playwright version
|
||||
id: playwright-version
|
||||
run: |
|
||||
@@ -1323,10 +1333,11 @@ jobs:
|
||||
path: |
|
||||
reports/adminfront-test-failure-report.md
|
||||
reports/adminfront-install.log
|
||||
reports/adminfront-build.log
|
||||
reports/adminfront-provision.log
|
||||
reports/adminfront-test.log
|
||||
adminfront/playwright-report
|
||||
adminfront/test-results
|
||||
reports/adminfront-playwright-report
|
||||
reports/adminfront-test-results
|
||||
if-no-files-found: ignore
|
||||
|
||||
devfront-tests:
|
||||
|
||||
@@ -29,39 +29,58 @@ jobs:
|
||||
IMAGE_DEPLOY_PUBLIC_URL: ${{ vars.PROD_FRONTEND_URL }}
|
||||
IMAGE_DEPLOY_COMPOSE_TEMPLATE: deploy/templates/docker-compose.images.yaml
|
||||
IMAGE_DEPLOY_BUNDLE_FILE: prod-image-deploy-bundle.tgz
|
||||
ADMINFRONT_URL: ${{ vars.ADMINFRONT_URL }}
|
||||
DEVFRONT_URL: ${{ vars.DEVFRONT_URL }}
|
||||
ORGFRONT_URL: ${{ vars.ORGFRONT_URL }}
|
||||
VITE_OIDC_AUTHORITY: ${{ vars.VITE_OIDC_AUTHORITY }}
|
||||
ADMINFRONT_URL: ${{ vars.PROD_ADMINFRONT_URL }}
|
||||
DEVFRONT_URL: ${{ vars.PROD_DEVFRONT_URL }}
|
||||
ORGFRONT_URL: ${{ vars.PROD_ORGFRONT_URL }}
|
||||
VITE_OIDC_AUTHORITY: ${{ vars.PROD_VITE_OIDC_AUTHORITY }}
|
||||
IMAGE_DEPLOY_BACKEND_LOG_LEVEL: ${{ vars.PROD_BACKEND_LOG_LEVEL }}
|
||||
IMAGE_DEPLOY_CLIENT_LOG_DEBUG: ${{ vars.PROD_CLIENT_LOG_DEBUG }}
|
||||
IMAGE_DEPLOY_BACKEND_PUBLIC_URL: ${{ vars.PROD_BACKEND_URL || vars.PROD_FRONTEND_URL }}
|
||||
IMAGE_DEPLOY_BACKEND_URL: ${{ vars.PROD_BACKEND_URL || vars.PROD_FRONTEND_URL }}
|
||||
WORKS_ADMIN_API_BASE_URL: ${{ vars.PROD_WORKS_ADMIN_API_BASE_URL }}
|
||||
WORKS_ADMIN_OAUTH_TOKEN_URL: ${{ vars.PROD_WORKS_ADMIN_OAUTH_TOKEN_URL }}
|
||||
PROFILE_CACHE_TTL: ${{ vars.PROD_PROFILE_CACHE_TTL }}
|
||||
NAVER_CLOUD_ACCESS_KEY: ${{ secrets.PROD_NAVER_CLOUD_ACCESS_KEY }}
|
||||
NAVER_CLOUD_SECRET_KEY: ${{ secrets.PROD_NAVER_CLOUD_SECRET_KEY }}
|
||||
NAVER_CLOUD_SERVICE_ID: ${{ vars.PROD_NAVER_CLOUD_SERVICE_ID }}
|
||||
NAVER_SENDER_PHONE_NUMBER: ${{ vars.PROD_NAVER_SENDER_PHONE_NUMBER }}
|
||||
AWS_REGION: ${{ vars.PROD_AWS_REGION }}
|
||||
AWS_ACCESS_KEY_ID: ${{ vars.PROD_AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_SES_SENDER: ${{ vars.PROD_AWS_SES_SENDER }}
|
||||
CORS_ALLOWED_ORIGINS: ${{ vars.PROD_CORS_ALLOWED_ORIGINS }}
|
||||
OATHKEEPER_API_URL: ${{ vars.PROD_OATHKEEPER_API_URL }}
|
||||
CLICKHOUSE_HOST: ${{ vars.PROD_CLICKHOUSE_HOST }}
|
||||
CLICKHOUSE_USER: ${{ vars.PROD_CLICKHOUSE_USER }}
|
||||
IMAGE_DEPLOY_DB_PORT: ${{ vars.PROD_DB_PORT }}
|
||||
IMAGE_DEPLOY_REDIS_PORT: ${{ vars.PROD_REDIS_PORT }}
|
||||
IMAGE_DEPLOY_CLICKHOUSE_PORT_HTTP: ${{ vars.PROD_CLICKHOUSE_PORT_HTTP }}
|
||||
IMAGE_DEPLOY_CLICKHOUSE_PORT_NATIVE: ${{ vars.PROD_CLICKHOUSE_PORT_NATIVE }}
|
||||
IMAGE_DEPLOY_BACKEND_PORT: ${{ vars.PROD_BACKEND_PORT }}
|
||||
IMAGE_DEPLOY_FRONTEND_PORT: ${{ vars.PROD_FRONTEND_PORT }}
|
||||
ADMINFRONT_PORT: ${{ vars.ADMINFRONT_PORT }}
|
||||
DEVFRONT_PORT: ${{ vars.DEVFRONT_PORT }}
|
||||
ORGFRONT_PORT: ${{ vars.ORGFRONT_PORT }}
|
||||
ADMINFRONT_PORT: ${{ vars.PROD_ADMINFRONT_PORT }}
|
||||
DEVFRONT_PORT: ${{ vars.PROD_DEVFRONT_PORT }}
|
||||
ORGFRONT_PORT: ${{ vars.PROD_ORGFRONT_PORT }}
|
||||
IMAGE_DEPLOY_OATHKEEPER_PROXY_PORT: ${{ vars.PROD_OATHKEEPER_PROXY_PORT }}
|
||||
IMAGE_DEPLOY_DOMAIN_SUFFIX: ${{ vars.PROD_DOMAIN_SUFFIX }}
|
||||
ADMINFRONT_CALLBACK_URLS: ${{ vars.ADMINFRONT_CALLBACK_URLS }}
|
||||
DEVFRONT_CALLBACK_URLS: ${{ vars.DEVFRONT_CALLBACK_URLS }}
|
||||
ORGFRONT_CALLBACK_URLS: ${{ vars.ORGFRONT_CALLBACK_URLS }}
|
||||
HYDRA_REFRESH_TOKEN_TTL: ${{ vars.HYDRA_REFRESH_TOKEN_TTL }}
|
||||
ORY_POSTGRES_USER: ${{ vars.ORY_POSTGRES_USER }}
|
||||
ORY_POSTGRES_DB: ${{ vars.ORY_POSTGRES_DB }}
|
||||
KRATOS_DB: ${{ vars.KRATOS_DB }}
|
||||
HYDRA_DB: ${{ vars.HYDRA_DB }}
|
||||
KETO_DB: ${{ vars.KETO_DB }}
|
||||
KRATOS_VERSION: ${{ vars.KRATOS_VERSION }}
|
||||
HYDRA_VERSION: ${{ vars.HYDRA_VERSION }}
|
||||
KETO_VERSION: ${{ vars.KETO_VERSION }}
|
||||
OATHKEEPER_VERSION: ${{ vars.OATHKEEPER_VERSION }}
|
||||
ORY_POSTGRES_TAG: ${{ vars.ORY_POSTGRES_TAG }}
|
||||
OATHKEEPER_UID: ${{ vars.OATHKEEPER_UID }}
|
||||
OATHKEEPER_GID: ${{ vars.OATHKEEPER_GID }}
|
||||
OATHKEEPER_INTROSPECT_CLIENT_ID: ${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||
ADMIN_EMAIL: ${{ vars.ADMIN_EMAIL }}
|
||||
ADMINFRONT_CALLBACK_URLS: ${{ vars.PROD_ADMINFRONT_CALLBACK_URLS }}
|
||||
DEVFRONT_CALLBACK_URLS: ${{ vars.PROD_DEVFRONT_CALLBACK_URLS }}
|
||||
ORGFRONT_CALLBACK_URLS: ${{ vars.PROD_ORGFRONT_CALLBACK_URLS }}
|
||||
HYDRA_REFRESH_TOKEN_TTL: ${{ vars.PROD_HYDRA_REFRESH_TOKEN_TTL }}
|
||||
ORY_POSTGRES_USER: ${{ vars.PROD_ORY_POSTGRES_USER }}
|
||||
ORY_POSTGRES_DB: ${{ vars.PROD_ORY_POSTGRES_DB }}
|
||||
KRATOS_DB: ${{ vars.PROD_KRATOS_DB }}
|
||||
HYDRA_DB: ${{ vars.PROD_HYDRA_DB }}
|
||||
KETO_DB: ${{ vars.PROD_KETO_DB }}
|
||||
KRATOS_VERSION: ${{ vars.PROD_KRATOS_VERSION }}
|
||||
HYDRA_VERSION: ${{ vars.PROD_HYDRA_VERSION }}
|
||||
KETO_VERSION: ${{ vars.PROD_KETO_VERSION }}
|
||||
OATHKEEPER_VERSION: ${{ vars.PROD_OATHKEEPER_VERSION }}
|
||||
ORY_POSTGRES_TAG: ${{ vars.PROD_ORY_POSTGRES_TAG }}
|
||||
OATHKEEPER_UID: ${{ vars.PROD_OATHKEEPER_UID }}
|
||||
OATHKEEPER_GID: ${{ vars.PROD_OATHKEEPER_GID }}
|
||||
OATHKEEPER_INTROSPECT_CLIENT_ID: ${{ vars.PROD_OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||
ADMIN_EMAIL: ${{ vars.PROD_ADMIN_EMAIL }}
|
||||
HARBOR_HOSTNAME: ${{ vars.HARBOR_HOSTNAME }}
|
||||
BACKEND_IMAGE_NAME: ${{ vars.HARBOR_HOSTNAME }}/baron_sso/backend
|
||||
USERFRONT_IMAGE_NAME: ${{ vars.HARBOR_HOSTNAME }}/baron_sso/userfront
|
||||
|
||||
@@ -101,33 +101,33 @@ jobs:
|
||||
"PROD_BACKEND_PORT=${{ vars.PROD_BACKEND_PORT }}" \
|
||||
"BACKEND_PORT=3000" \
|
||||
"USERFRONT_PORT=${{ vars.PROD_FRONTEND_PORT }}" \
|
||||
"ADMINFRONT_PORT=${{ vars.ADMINFRONT_PORT }}" \
|
||||
"DEVFRONT_PORT=${{ vars.DEVFRONT_PORT }}" \
|
||||
"ORGFRONT_PORT=${{ vars.ORGFRONT_PORT }}" \
|
||||
"ADMINFRONT_PORT=${{ vars.PROD_ADMINFRONT_PORT }}" \
|
||||
"DEVFRONT_PORT=${{ vars.PROD_DEVFRONT_PORT }}" \
|
||||
"ORGFRONT_PORT=${{ vars.PROD_ORGFRONT_PORT }}" \
|
||||
"DB_USER=${{ vars.PROD_DB_USER }}" \
|
||||
"DB_PASSWORD=${{ secrets.PROD_DB_PASSWORD }}" \
|
||||
"DB_NAME=${{ vars.PROD_DB_NAME }}" \
|
||||
"COOKIE_SECRET=${{ secrets.PROD_COOKIE_SECRET }}" \
|
||||
"JWT_SECRET=${{ secrets.PROD_JWT_SECRET }}" \
|
||||
"REDIS_ADDR=${{ vars.PROD_REDIS_ADDR }}" \
|
||||
"NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}" \
|
||||
"NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}" \
|
||||
"NAVER_CLOUD_SERVICE_ID=${{ vars.NAVER_CLOUD_SERVICE_ID }}" \
|
||||
"NAVER_SENDER_PHONE_NUMBER=${{ vars.NAVER_SENDER_PHONE_NUMBER }}" \
|
||||
"AWS_REGION=${{ vars.AWS_REGION }}" \
|
||||
"AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }}" \
|
||||
"AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}" \
|
||||
"AWS_SES_SENDER=${{ vars.AWS_SES_SENDER }}" \
|
||||
"NAVER_CLOUD_ACCESS_KEY=${{ secrets.PROD_NAVER_CLOUD_ACCESS_KEY }}" \
|
||||
"NAVER_CLOUD_SECRET_KEY=${{ secrets.PROD_NAVER_CLOUD_SECRET_KEY }}" \
|
||||
"NAVER_CLOUD_SERVICE_ID=${{ vars.PROD_NAVER_CLOUD_SERVICE_ID }}" \
|
||||
"NAVER_SENDER_PHONE_NUMBER=${{ vars.PROD_NAVER_SENDER_PHONE_NUMBER }}" \
|
||||
"AWS_REGION=${{ vars.PROD_AWS_REGION }}" \
|
||||
"AWS_ACCESS_KEY_ID=${{ vars.PROD_AWS_ACCESS_KEY_ID }}" \
|
||||
"AWS_SECRET_ACCESS_KEY=${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}" \
|
||||
"AWS_SES_SENDER=${{ vars.PROD_AWS_SES_SENDER }}" \
|
||||
"USERFRONT_URL=${{ vars.PROD_FRONTEND_URL }}" \
|
||||
"ADMINFRONT_URL=${{ vars.ADMINFRONT_URL }}" \
|
||||
"DEVFRONT_URL=${{ vars.DEVFRONT_URL }}" \
|
||||
"ORGFRONT_URL=${{ vars.ORGFRONT_URL }}" \
|
||||
"ADMINFRONT_URL=${{ vars.PROD_ADMINFRONT_URL }}" \
|
||||
"DEVFRONT_URL=${{ vars.PROD_DEVFRONT_URL }}" \
|
||||
"ORGFRONT_URL=${{ vars.PROD_ORGFRONT_URL }}" \
|
||||
"BACKEND_URL=${{ vars.PROD_BACKEND_URL }}" \
|
||||
"VITE_OIDC_AUTHORITY=${{ vars.VITE_OIDC_AUTHORITY }}" \
|
||||
"HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL }}" \
|
||||
"ADMINFRONT_CALLBACK_URLS=${{ vars.ADMINFRONT_CALLBACK_URLS }}" \
|
||||
"DEVFRONT_CALLBACK_URLS=${{ vars.DEVFRONT_CALLBACK_URLS }}" \
|
||||
"ORGFRONT_CALLBACK_URLS=${{ vars.ORGFRONT_CALLBACK_URLS }}" \
|
||||
"VITE_OIDC_AUTHORITY=${{ vars.PROD_VITE_OIDC_AUTHORITY }}" \
|
||||
"HYDRA_REFRESH_TOKEN_TTL=${{ vars.PROD_HYDRA_REFRESH_TOKEN_TTL }}" \
|
||||
"ADMINFRONT_CALLBACK_URLS=${{ vars.PROD_ADMINFRONT_CALLBACK_URLS }}" \
|
||||
"DEVFRONT_CALLBACK_URLS=${{ vars.PROD_DEVFRONT_CALLBACK_URLS }}" \
|
||||
"ORGFRONT_CALLBACK_URLS=${{ vars.PROD_ORGFRONT_CALLBACK_URLS }}" \
|
||||
> .env
|
||||
|
||||
required_dotenv_keys="
|
||||
|
||||
@@ -18,13 +18,13 @@ jobs:
|
||||
- name: Setup SSH
|
||||
uses: webfactory/ssh-agent@v0.9.0
|
||||
with:
|
||||
ssh-private-key: ${{ secrets.STAGE_SSH_PRIVATE_KEY }}
|
||||
ssh-private-key: ${{ secrets.STG_SSH_PRIVATE_KEY }}
|
||||
|
||||
- name: Deploy to Staging by git pull
|
||||
env:
|
||||
DEPLOY_PATH: ${{ vars.STAGE_DEPLOY_PATH }}
|
||||
STAGE_HOST: ${{ vars.STAGE_HOST }}
|
||||
STAGE_USER: ${{ vars.STAGE_USER }}
|
||||
DEPLOY_PATH: ${{ vars.STG_DEPLOY_PATH }}
|
||||
STAGE_HOST: ${{ vars.STG_HOST }}
|
||||
STAGE_USER: ${{ vars.STG_USER }}
|
||||
TARGET_BRANCH: ${{ inputs.target_branch }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
@@ -48,99 +48,99 @@ jobs:
|
||||
APP_ENV=stage
|
||||
BACKEND_LOG_LEVEL=debug
|
||||
CLIENT_LOG_DEBUG=true
|
||||
WORKS_ADMIN_API_BASE_URL=${{ vars.WORKS_ADMIN_API_BASE_URL }}
|
||||
WORKS_ADMIN_OAUTH_TOKEN_URL=${{ vars.WORKS_ADMIN_OAUTH_TOKEN_URL }}
|
||||
WORKS_ADMIN_API_BASE_URL=${{ vars.STG_WORKS_ADMIN_API_BASE_URL }}
|
||||
WORKS_ADMIN_OAUTH_TOKEN_URL=${{ vars.STG_WORKS_ADMIN_OAUTH_TOKEN_URL }}
|
||||
TZ=Asia/Seoul
|
||||
IDP_PROVIDER=ory
|
||||
|
||||
# DB & Clickhouse
|
||||
DB_PORT=${{ vars.DB_PORT }}
|
||||
CLICKHOUSE_PORT_HTTP=${{ vars.CLICKHOUSE_PORT_HTTP }}
|
||||
CLICKHOUSE_PORT_NATIVE=${{ vars.CLICKHOUSE_PORT_NATIVE }}
|
||||
CLICKHOUSE_HOST=${{ vars.CLICKHOUSE_HOST }}
|
||||
CLICKHOUSE_USER=${{ vars.CLICKHOUSE_USER }}
|
||||
CLICKHOUSE_PASSWORD=${{ secrets.CLICKHOUSE_PASSWORD }}
|
||||
DB_PORT=${{ vars.STG_DB_PORT }}
|
||||
CLICKHOUSE_PORT_HTTP=${{ vars.STG_CLICKHOUSE_PORT_HTTP }}
|
||||
CLICKHOUSE_PORT_NATIVE=${{ vars.STG_CLICKHOUSE_PORT_NATIVE }}
|
||||
CLICKHOUSE_HOST=${{ vars.STG_CLICKHOUSE_HOST }}
|
||||
CLICKHOUSE_USER=${{ vars.STG_CLICKHOUSE_USER }}
|
||||
CLICKHOUSE_PASSWORD=${{ secrets.STG_CLICKHOUSE_PASSWORD }}
|
||||
|
||||
|
||||
BACKEND_PORT=${{ vars.BACKEND_PORT }}
|
||||
ADMINFRONT_PORT=${{ vars.ADMINFRONT_PORT }}
|
||||
DEVFRONT_PORT=${{ vars.DEVFRONT_PORT }}
|
||||
ORGFRONT_PORT=${{ vars.ORGFRONT_PORT }}
|
||||
USERFRONT_PORT=${{ vars.USERFRONT_PORT }}
|
||||
BACKEND_PORT=${{ vars.STG_BACKEND_PORT }}
|
||||
ADMINFRONT_PORT=${{ vars.STG_ADMINFRONT_PORT }}
|
||||
DEVFRONT_PORT=${{ vars.STG_DEVFRONT_PORT }}
|
||||
ORGFRONT_PORT=${{ vars.STG_ORGFRONT_PORT }}
|
||||
USERFRONT_PORT=${{ vars.STG_USERFRONT_PORT }}
|
||||
|
||||
OATHKEEPER_API_URL=${{ vars.OATHKEEPER_API_URL }}
|
||||
OATHKEEPER_API_URL=${{ vars.STG_OATHKEEPER_API_URL }}
|
||||
|
||||
DB_USER=${{ vars.DB_USER }}
|
||||
DB_USER=${{ vars.STG_DB_USER }}
|
||||
DB_PASSWORD=${{ secrets.STG_DB_PASSWORD }}
|
||||
DB_NAME=${{ vars.DB_NAME }}
|
||||
DB_NAME=${{ vars.STG_DB_NAME }}
|
||||
COOKIE_SECRET=${{ secrets.STG_COOKIE_SECRET }}
|
||||
JWT_SECRET=${{ secrets.STG_JWT_SECRET }}
|
||||
REDIS_ADDR=${{ vars.REDIS_ADDR }}
|
||||
CORS_ALLOWED_ORIGINS=${{ vars.CORS_ALLOWED_ORIGINS }}
|
||||
REDIS_ADDR=${{ vars.STG_REDIS_ADDR }}
|
||||
CORS_ALLOWED_ORIGINS=${{ vars.STG_CORS_ALLOWED_ORIGINS }}
|
||||
AUDIT_WORKER_COUNT=5
|
||||
AUDIT_QUEUE_SIZE=2000
|
||||
PROFILE_CACHE_TTL=${{ vars.PROFILE_CACHE_TTL }}
|
||||
NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}
|
||||
NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}
|
||||
NAVER_CLOUD_SERVICE_ID=${{ vars.NAVER_CLOUD_SERVICE_ID }}
|
||||
NAVER_SENDER_PHONE_NUMBER=${{ vars.NAVER_SENDER_PHONE_NUMBER }}
|
||||
AWS_REGION=${{ vars.AWS_REGION }}
|
||||
AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_SES_SENDER=${{ vars.AWS_SES_SENDER }}
|
||||
ADMIN_EMAIL=${{ vars.ADMIN_EMAIL }}
|
||||
PROFILE_CACHE_TTL=${{ vars.STG_PROFILE_CACHE_TTL }}
|
||||
NAVER_CLOUD_ACCESS_KEY=${{ secrets.STG_NAVER_CLOUD_ACCESS_KEY }}
|
||||
NAVER_CLOUD_SECRET_KEY=${{ secrets.STG_NAVER_CLOUD_SECRET_KEY }}
|
||||
NAVER_CLOUD_SERVICE_ID=${{ vars.STG_NAVER_CLOUD_SERVICE_ID }}
|
||||
NAVER_SENDER_PHONE_NUMBER=${{ vars.STG_NAVER_SENDER_PHONE_NUMBER }}
|
||||
AWS_REGION=${{ vars.STG_AWS_REGION }}
|
||||
AWS_ACCESS_KEY_ID=${{ vars.STG_AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY=${{ secrets.STG_AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_SES_SENDER=${{ vars.STG_AWS_SES_SENDER }}
|
||||
ADMIN_EMAIL=${{ vars.STG_ADMIN_EMAIL }}
|
||||
ADMIN_PASSWORD=${{ secrets.STG_ADMIN_PASSWORD }}
|
||||
USERFRONT_URL=${{ vars.USERFRONT_URL }}
|
||||
ADMINFRONT_URL=${{ vars.ADMINFRONT_URL }}
|
||||
DEVFRONT_URL=${{ vars.DEVFRONT_URL }}
|
||||
ORGFRONT_URL=${{ vars.ORGFRONT_URL }}
|
||||
BACKEND_PUBLIC_URL=${{ vars.BACKEND_URL }}
|
||||
BACKEND_URL=${{ vars.BACKEND_URL }}
|
||||
OATHKEEPER_PUBLIC_URL=${{ vars.OATHKEEPER_PUBLIC_URL }}
|
||||
ORY_POSTGRES_TAG=${{ vars.ORY_POSTGRES_TAG }}
|
||||
ORY_POSTGRES_USER=${{ vars.ORY_POSTGRES_USER }}
|
||||
USERFRONT_URL=${{ vars.STG_USERFRONT_URL }}
|
||||
ADMINFRONT_URL=${{ vars.STG_ADMINFRONT_URL }}
|
||||
DEVFRONT_URL=${{ vars.STG_DEVFRONT_URL }}
|
||||
ORGFRONT_URL=${{ vars.STG_ORGFRONT_URL }}
|
||||
BACKEND_PUBLIC_URL=${{ vars.STG_BACKEND_URL }}
|
||||
BACKEND_URL=${{ vars.STG_BACKEND_URL }}
|
||||
OATHKEEPER_PUBLIC_URL=${{ vars.STG_OATHKEEPER_PUBLIC_URL }}
|
||||
ORY_POSTGRES_TAG=${{ vars.STG_ORY_POSTGRES_TAG }}
|
||||
ORY_POSTGRES_USER=${{ vars.STG_ORY_POSTGRES_USER }}
|
||||
ORY_POSTGRES_PASSWORD=${{ secrets.STG_ORY_POSTGRES_PASSWORD }}
|
||||
ORY_POSTGRES_DB=${{ vars.ORY_POSTGRES_DB }}
|
||||
KRATOS_DB=${{ vars.KRATOS_DB }}
|
||||
HYDRA_DB=${{ vars.HYDRA_DB }}
|
||||
KETO_DB=${{ vars.KETO_DB }}
|
||||
KRATOS_VERSION=${{ vars.KRATOS_VERSION }}
|
||||
KRATOS_UI_NODE_VERSION=${{ vars.KRATOS_UI_NODE_VERSION }}
|
||||
HYDRA_VERSION=${{ vars.HYDRA_VERSION }}
|
||||
KETO_VERSION=${{ vars.KETO_VERSION }}
|
||||
ORY_SDK_URL=${{ vars.ORY_SDK_URL }}
|
||||
KRATOS_PUBLIC_URL=${{ vars.KRATOS_PUBLIC_URL }}
|
||||
KRATOS_ADMIN_URL=${{ vars.KRATOS_ADMIN_URL }}
|
||||
KRATOS_BROWSER_URL=${{ vars.KRATOS_BROWSER_URL }}
|
||||
KRATOS_UI_URL=${{ vars.KRATOS_UI_URL }}
|
||||
HYDRA_ADMIN_URL=${{ vars.HYDRA_ADMIN_URL }}
|
||||
HYDRA_PUBLIC_URL=${{ vars.HYDRA_PUBLIC_URL }}
|
||||
HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL }}
|
||||
JWKS_URL=${{ vars.JWKS_URL }}
|
||||
OATHKEEPER_VERSION=${{ vars.OATHKEEPER_VERSION }}
|
||||
OATHKEEPER_UID=${{ vars.OATHKEEPER_UID }}
|
||||
OATHKEEPER_GID=${{ vars.OATHKEEPER_GID }}
|
||||
OATHKEEPER_HEALTH_URL=${{ vars.OATHKEEPER_HEALTH_URL }}
|
||||
OATHKEEPER_HEALTH_INTERVAL_SECONDS=${{ vars.OATHKEEPER_HEALTH_INTERVAL_SECONDS }}
|
||||
OATHKEEPER_HEALTH_TIMEOUT_SECONDS=${{ vars.OATHKEEPER_HEALTH_TIMEOUT_SECONDS }}
|
||||
OATHKEEPER_HEALTH_ENABLED=${{ vars.OATHKEEPER_HEALTH_ENABLED }}
|
||||
CSRF_COOKIE_NAME=${{ vars.CSRF_COOKIE_NAME }}
|
||||
ORY_POSTGRES_DB=${{ vars.STG_ORY_POSTGRES_DB }}
|
||||
KRATOS_DB=${{ vars.STG_KRATOS_DB }}
|
||||
HYDRA_DB=${{ vars.STG_HYDRA_DB }}
|
||||
KETO_DB=${{ vars.STG_KETO_DB }}
|
||||
KRATOS_VERSION=${{ vars.STG_KRATOS_VERSION }}
|
||||
KRATOS_UI_NODE_VERSION=${{ vars.STG_KRATOS_UI_NODE_VERSION }}
|
||||
HYDRA_VERSION=${{ vars.STG_HYDRA_VERSION }}
|
||||
KETO_VERSION=${{ vars.STG_KETO_VERSION }}
|
||||
ORY_SDK_URL=${{ vars.STG_ORY_SDK_URL }}
|
||||
KRATOS_PUBLIC_URL=${{ vars.STG_KRATOS_PUBLIC_URL }}
|
||||
KRATOS_ADMIN_URL=${{ vars.STG_KRATOS_ADMIN_URL }}
|
||||
KRATOS_BROWSER_URL=${{ vars.STG_KRATOS_BROWSER_URL }}
|
||||
KRATOS_UI_URL=${{ vars.STG_KRATOS_UI_URL }}
|
||||
HYDRA_ADMIN_URL=${{ vars.STG_HYDRA_ADMIN_URL }}
|
||||
HYDRA_PUBLIC_URL=${{ vars.STG_HYDRA_PUBLIC_URL }}
|
||||
HYDRA_REFRESH_TOKEN_TTL=${{ vars.STG_HYDRA_REFRESH_TOKEN_TTL }}
|
||||
JWKS_URL=${{ vars.STG_JWKS_URL }}
|
||||
OATHKEEPER_VERSION=${{ vars.STG_OATHKEEPER_VERSION }}
|
||||
OATHKEEPER_UID=${{ vars.STG_OATHKEEPER_UID }}
|
||||
OATHKEEPER_GID=${{ vars.STG_OATHKEEPER_GID }}
|
||||
OATHKEEPER_HEALTH_URL=${{ vars.STG_OATHKEEPER_HEALTH_URL }}
|
||||
OATHKEEPER_HEALTH_INTERVAL_SECONDS=${{ vars.STG_OATHKEEPER_HEALTH_INTERVAL_SECONDS }}
|
||||
OATHKEEPER_HEALTH_TIMEOUT_SECONDS=${{ vars.STG_OATHKEEPER_HEALTH_TIMEOUT_SECONDS }}
|
||||
OATHKEEPER_HEALTH_ENABLED=${{ vars.STG_OATHKEEPER_HEALTH_ENABLED }}
|
||||
CSRF_COOKIE_NAME=${{ vars.STG_CSRF_COOKIE_NAME }}
|
||||
CSRF_COOKIE_SECRET=${{ secrets.STG_CSRF_COOKIE_SECRET }}
|
||||
|
||||
# Frontend/Ory URL configs for Staging
|
||||
VITE_OIDC_AUTHORITY=${{ vars.VITE_OIDC_AUTHORITY }}
|
||||
ADMINFRONT_CALLBACK_URLS=${{ vars.ADMINFRONT_CALLBACK_URLS }}
|
||||
DEVFRONT_CALLBACK_URLS=${{ vars.DEVFRONT_CALLBACK_URLS }}
|
||||
ORGFRONT_CALLBACK_URLS=${{ vars.ORGFRONT_CALLBACK_URLS }}
|
||||
KRATOS_ALLOWED_RETURN_URLS_JSON=${{ vars.KRATOS_ALLOWED_RETURN_URLS_JSON }}
|
||||
KRATOS_ALLOWED_RETURN_URLS_EXTRA=${{ vars.KRATOS_ALLOWED_RETURN_URLS_EXTRA }}
|
||||
# OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||
VITE_OIDC_AUTHORITY=${{ vars.STG_VITE_OIDC_AUTHORITY }}
|
||||
ADMINFRONT_CALLBACK_URLS=${{ vars.STG_ADMINFRONT_CALLBACK_URLS }}
|
||||
DEVFRONT_CALLBACK_URLS=${{ vars.STG_DEVFRONT_CALLBACK_URLS }}
|
||||
ORGFRONT_CALLBACK_URLS=${{ vars.STG_ORGFRONT_CALLBACK_URLS }}
|
||||
KRATOS_ALLOWED_RETURN_URLS_JSON=${{ vars.STG_KRATOS_ALLOWED_RETURN_URLS_JSON }}
|
||||
KRATOS_ALLOWED_RETURN_URLS_EXTRA=${{ vars.STG_KRATOS_ALLOWED_RETURN_URLS_EXTRA }}
|
||||
# OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.STG_OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||
# OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }}
|
||||
|
||||
# Monitoring & Alerts
|
||||
SMS_WEBHOOK_PORT=${{ vars.SMS_WEBHOOK_PORT || '8080' }}
|
||||
MONITOR_RECIPIENT_PHONES=${{ vars.MONITOR_RECIPIENT_PHONES || '01012345678,01098765432' }}
|
||||
LOKI_URL=${{ vars.LOKI_URL || 'http://loki:3100/loki/api/v1/push' }}
|
||||
SMS_WEBHOOK_PORT=${{ vars.STG_SMS_WEBHOOK_PORT || '8080' }}
|
||||
MONITOR_RECIPIENT_PHONES=${{ vars.STG_MONITOR_RECIPIENT_PHONES || '01012345678,01098765432' }}
|
||||
LOKI_URL=${{ vars.STG_LOKI_URL || 'http://loki:3100/loki/api/v1/push' }}
|
||||
EOF
|
||||
|
||||
# 코드 업데이트 (Git)
|
||||
|
||||
@@ -18,50 +18,69 @@ jobs:
|
||||
- name: Setup SSH
|
||||
uses: webfactory/ssh-agent@v0.9.0
|
||||
with:
|
||||
ssh-private-key: ${{ secrets.STAGE_SSH_PRIVATE_KEY }}
|
||||
ssh-private-key: ${{ secrets.STG_SSH_PRIVATE_KEY }}
|
||||
|
||||
- name: Build staging deployment bundle
|
||||
env:
|
||||
IMAGE_TAG: ${{ github.event.inputs.image_tag }}
|
||||
IMAGE_DEPLOY_ENV: stage
|
||||
IMAGE_DEPLOY_INSTANCE_NAME: ${{ vars.STAGE_INSTANCE_NAME }}
|
||||
IMAGE_DEPLOY_PORT_PREFIX: ${{ vars.STAGE_PORT_PREFIX }}
|
||||
IMAGE_DEPLOY_PUBLIC_URL: ${{ vars.USERFRONT_URL }}
|
||||
IMAGE_DEPLOY_INSTANCE_NAME: ${{ vars.STG_INSTANCE_NAME }}
|
||||
IMAGE_DEPLOY_PORT_PREFIX: ${{ vars.STG_PORT_PREFIX }}
|
||||
IMAGE_DEPLOY_PUBLIC_URL: ${{ vars.STG_USERFRONT_URL }}
|
||||
IMAGE_DEPLOY_COMPOSE_TEMPLATE: deploy/templates/docker-compose.images.yaml
|
||||
IMAGE_DEPLOY_BUNDLE_FILE: stage-image-deploy-bundle.tgz
|
||||
ADMINFRONT_URL: ${{ vars.ADMINFRONT_URL }}
|
||||
DEVFRONT_URL: ${{ vars.DEVFRONT_URL }}
|
||||
ORGFRONT_URL: ${{ vars.ORGFRONT_URL }}
|
||||
VITE_OIDC_AUTHORITY: ${{ vars.VITE_OIDC_AUTHORITY }}
|
||||
IMAGE_DEPLOY_DB_PORT: ${{ vars.DB_PORT }}
|
||||
IMAGE_DEPLOY_REDIS_PORT: ${{ vars.REDIS_PORT }}
|
||||
IMAGE_DEPLOY_CLICKHOUSE_PORT_HTTP: ${{ vars.CLICKHOUSE_PORT_HTTP }}
|
||||
IMAGE_DEPLOY_CLICKHOUSE_PORT_NATIVE: ${{ vars.CLICKHOUSE_PORT_NATIVE }}
|
||||
IMAGE_DEPLOY_BACKEND_PORT: ${{ vars.BACKEND_PORT }}
|
||||
IMAGE_DEPLOY_FRONTEND_PORT: ${{ vars.USERFRONT_PORT }}
|
||||
ADMINFRONT_PORT: ${{ vars.ADMINFRONT_PORT }}
|
||||
DEVFRONT_PORT: ${{ vars.DEVFRONT_PORT }}
|
||||
ORGFRONT_PORT: ${{ vars.ORGFRONT_PORT }}
|
||||
IMAGE_DEPLOY_OATHKEEPER_PROXY_PORT: ${{ vars.OATHKEEPER_PROXY_PORT }}
|
||||
IMAGE_DEPLOY_DOMAIN_SUFFIX: ${{ vars.DOMAIN_SUFFIX }}
|
||||
ADMINFRONT_CALLBACK_URLS: ${{ vars.ADMINFRONT_CALLBACK_URLS }}
|
||||
DEVFRONT_CALLBACK_URLS: ${{ vars.DEVFRONT_CALLBACK_URLS }}
|
||||
ORGFRONT_CALLBACK_URLS: ${{ vars.ORGFRONT_CALLBACK_URLS }}
|
||||
HYDRA_REFRESH_TOKEN_TTL: ${{ vars.HYDRA_REFRESH_TOKEN_TTL }}
|
||||
ORY_POSTGRES_USER: ${{ vars.ORY_POSTGRES_USER }}
|
||||
ORY_POSTGRES_DB: ${{ vars.ORY_POSTGRES_DB }}
|
||||
KRATOS_DB: ${{ vars.KRATOS_DB }}
|
||||
HYDRA_DB: ${{ vars.HYDRA_DB }}
|
||||
KETO_DB: ${{ vars.KETO_DB }}
|
||||
KRATOS_VERSION: ${{ vars.KRATOS_VERSION }}
|
||||
HYDRA_VERSION: ${{ vars.HYDRA_VERSION }}
|
||||
KETO_VERSION: ${{ vars.KETO_VERSION }}
|
||||
OATHKEEPER_VERSION: ${{ vars.OATHKEEPER_VERSION }}
|
||||
ORY_POSTGRES_TAG: ${{ vars.ORY_POSTGRES_TAG }}
|
||||
OATHKEEPER_UID: ${{ vars.OATHKEEPER_UID }}
|
||||
OATHKEEPER_GID: ${{ vars.OATHKEEPER_GID }}
|
||||
OATHKEEPER_INTROSPECT_CLIENT_ID: ${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||
ADMIN_EMAIL: ${{ vars.ADMIN_EMAIL }}
|
||||
ADMINFRONT_URL: ${{ vars.STG_ADMINFRONT_URL }}
|
||||
DEVFRONT_URL: ${{ vars.STG_DEVFRONT_URL }}
|
||||
ORGFRONT_URL: ${{ vars.STG_ORGFRONT_URL }}
|
||||
VITE_OIDC_AUTHORITY: ${{ vars.STG_VITE_OIDC_AUTHORITY }}
|
||||
IMAGE_DEPLOY_BACKEND_LOG_LEVEL: ${{ vars.STG_BACKEND_LOG_LEVEL || 'debug' }}
|
||||
IMAGE_DEPLOY_CLIENT_LOG_DEBUG: ${{ vars.STG_CLIENT_LOG_DEBUG || 'true' }}
|
||||
IMAGE_DEPLOY_BACKEND_PUBLIC_URL: ${{ vars.STG_BACKEND_URL }}
|
||||
IMAGE_DEPLOY_BACKEND_URL: ${{ vars.STG_BACKEND_URL }}
|
||||
WORKS_ADMIN_API_BASE_URL: ${{ vars.STG_WORKS_ADMIN_API_BASE_URL }}
|
||||
WORKS_ADMIN_OAUTH_TOKEN_URL: ${{ vars.STG_WORKS_ADMIN_OAUTH_TOKEN_URL }}
|
||||
PROFILE_CACHE_TTL: ${{ vars.STG_PROFILE_CACHE_TTL }}
|
||||
NAVER_CLOUD_ACCESS_KEY: ${{ secrets.STG_NAVER_CLOUD_ACCESS_KEY }}
|
||||
NAVER_CLOUD_SECRET_KEY: ${{ secrets.STG_NAVER_CLOUD_SECRET_KEY }}
|
||||
NAVER_CLOUD_SERVICE_ID: ${{ vars.STG_NAVER_CLOUD_SERVICE_ID }}
|
||||
NAVER_SENDER_PHONE_NUMBER: ${{ vars.STG_NAVER_SENDER_PHONE_NUMBER }}
|
||||
AWS_REGION: ${{ vars.STG_AWS_REGION }}
|
||||
AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_SES_SENDER: ${{ vars.STG_AWS_SES_SENDER }}
|
||||
CORS_ALLOWED_ORIGINS: ${{ vars.STG_CORS_ALLOWED_ORIGINS }}
|
||||
OATHKEEPER_API_URL: ${{ vars.STG_OATHKEEPER_API_URL }}
|
||||
CLICKHOUSE_HOST: ${{ vars.STG_CLICKHOUSE_HOST }}
|
||||
CLICKHOUSE_USER: ${{ vars.STG_CLICKHOUSE_USER }}
|
||||
IMAGE_DEPLOY_DB_PORT: ${{ vars.STG_DB_PORT }}
|
||||
IMAGE_DEPLOY_REDIS_PORT: ${{ vars.STG_REDIS_PORT }}
|
||||
IMAGE_DEPLOY_CLICKHOUSE_PORT_HTTP: ${{ vars.STG_CLICKHOUSE_PORT_HTTP }}
|
||||
IMAGE_DEPLOY_CLICKHOUSE_PORT_NATIVE: ${{ vars.STG_CLICKHOUSE_PORT_NATIVE }}
|
||||
IMAGE_DEPLOY_BACKEND_PORT: ${{ vars.STG_BACKEND_PORT }}
|
||||
IMAGE_DEPLOY_FRONTEND_PORT: ${{ vars.STG_USERFRONT_PORT }}
|
||||
ADMINFRONT_PORT: ${{ vars.STG_ADMINFRONT_PORT }}
|
||||
DEVFRONT_PORT: ${{ vars.STG_DEVFRONT_PORT }}
|
||||
ORGFRONT_PORT: ${{ vars.STG_ORGFRONT_PORT }}
|
||||
IMAGE_DEPLOY_OATHKEEPER_PROXY_PORT: ${{ vars.STG_OATHKEEPER_PROXY_PORT }}
|
||||
IMAGE_DEPLOY_DOMAIN_SUFFIX: ${{ vars.STG_DOMAIN_SUFFIX }}
|
||||
ADMINFRONT_CALLBACK_URLS: ${{ vars.STG_ADMINFRONT_CALLBACK_URLS }}
|
||||
DEVFRONT_CALLBACK_URLS: ${{ vars.STG_DEVFRONT_CALLBACK_URLS }}
|
||||
ORGFRONT_CALLBACK_URLS: ${{ vars.STG_ORGFRONT_CALLBACK_URLS }}
|
||||
HYDRA_REFRESH_TOKEN_TTL: ${{ vars.STG_HYDRA_REFRESH_TOKEN_TTL }}
|
||||
ORY_POSTGRES_USER: ${{ vars.STG_ORY_POSTGRES_USER }}
|
||||
ORY_POSTGRES_DB: ${{ vars.STG_ORY_POSTGRES_DB }}
|
||||
KRATOS_DB: ${{ vars.STG_KRATOS_DB }}
|
||||
HYDRA_DB: ${{ vars.STG_HYDRA_DB }}
|
||||
KETO_DB: ${{ vars.STG_KETO_DB }}
|
||||
KRATOS_VERSION: ${{ vars.STG_KRATOS_VERSION }}
|
||||
HYDRA_VERSION: ${{ vars.STG_HYDRA_VERSION }}
|
||||
KETO_VERSION: ${{ vars.STG_KETO_VERSION }}
|
||||
OATHKEEPER_VERSION: ${{ vars.STG_OATHKEEPER_VERSION }}
|
||||
ORY_POSTGRES_TAG: ${{ vars.STG_ORY_POSTGRES_TAG }}
|
||||
OATHKEEPER_UID: ${{ vars.STG_OATHKEEPER_UID }}
|
||||
OATHKEEPER_GID: ${{ vars.STG_OATHKEEPER_GID }}
|
||||
OATHKEEPER_INTROSPECT_CLIENT_ID: ${{ vars.STG_OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||
ADMIN_EMAIL: ${{ vars.STG_ADMIN_EMAIL }}
|
||||
HARBOR_HOSTNAME: ${{ vars.HARBOR_HOSTNAME }}
|
||||
BACKEND_IMAGE_NAME: ${{ vars.HARBOR_HOSTNAME }}/baron_sso/backend
|
||||
USERFRONT_IMAGE_NAME: ${{ vars.HARBOR_HOSTNAME }}/baron_sso/userfront
|
||||
@@ -71,7 +90,7 @@ jobs:
|
||||
IMAGE_DEPLOY_DB_PASSWORD: ${{ secrets.STG_DB_PASSWORD }}
|
||||
IMAGE_DEPLOY_ORY_POSTGRES_PASSWORD: ${{ secrets.STG_ORY_POSTGRES_PASSWORD }}
|
||||
IMAGE_DEPLOY_OATHKEEPER_INTROSPECT_CLIENT_SECRET: ${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }}
|
||||
IMAGE_DEPLOY_CLICKHOUSE_PASSWORD: ${{ secrets.CLICKHOUSE_PASSWORD }}
|
||||
IMAGE_DEPLOY_CLICKHOUSE_PASSWORD: ${{ secrets.STG_CLICKHOUSE_PASSWORD }}
|
||||
IMAGE_DEPLOY_COOKIE_SECRET: ${{ secrets.STG_COOKIE_SECRET }}
|
||||
IMAGE_DEPLOY_JWT_SECRET: ${{ secrets.STG_JWT_SECRET }}
|
||||
IMAGE_DEPLOY_CSRF_COOKIE_SECRET: ${{ secrets.STG_CSRF_COOKIE_SECRET }}
|
||||
@@ -83,9 +102,9 @@ jobs:
|
||||
- name: Upload bundle and run requested staging image tag
|
||||
env:
|
||||
IMAGE_DEPLOY_BUNDLE_FILE: stage-image-deploy-bundle.tgz
|
||||
DEPLOY_HOST: ${{ vars.STAGE_HOST }}
|
||||
DEPLOY_USER: ${{ vars.STAGE_USER }}
|
||||
DEPLOY_PATH: ${{ vars.STAGE_DEPLOY_PATH }}
|
||||
DEPLOY_HOST: ${{ vars.STG_HOST }}
|
||||
DEPLOY_USER: ${{ vars.STG_USER }}
|
||||
DEPLOY_PATH: ${{ vars.STG_DEPLOY_PATH }}
|
||||
HARBOR_ENDPOINT: ${{ vars.HARBOR_ENDPOINT }}
|
||||
HARBOR_ROBOT_ACCOUNT: ${{ vars.HARBOR_ROBOT_ACCOUNT }}
|
||||
HARBOR_ROBOT_KEY: ${{ secrets.HARBOR_ROBOT_KEY }}
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
- name: Setup SSH
|
||||
uses: webfactory/ssh-agent@v0.9.0
|
||||
with:
|
||||
ssh-private-key: ${{ secrets.STAGE_SSH_PRIVATE_KEY }}
|
||||
ssh-private-key: ${{ secrets.STG_SSH_PRIVATE_KEY }}
|
||||
|
||||
- name: Deploy to Staging
|
||||
env:
|
||||
@@ -30,9 +30,9 @@ jobs:
|
||||
ORGFRONT_IMAGE_NAME: ${{ vars.HARBOR_HOSTNAME }}/baron_sso/orgfront
|
||||
|
||||
# Staging-specific variables
|
||||
DEPLOY_PATH: ${{ vars.STAGE_DEPLOY_PATH }}
|
||||
STAGE_HOST: ${{ vars.STAGE_HOST }}
|
||||
STAGE_USER: ${{ vars.STAGE_USER }}
|
||||
DEPLOY_PATH: ${{ vars.STG_DEPLOY_PATH }}
|
||||
STAGE_HOST: ${{ vars.STG_HOST }}
|
||||
STAGE_USER: ${{ vars.STG_USER }}
|
||||
|
||||
HARBOR_ENDPOINT: ${{ vars.HARBOR_ENDPOINT }}
|
||||
HARBOR_ROBOT_ACCOUNT: ${{ vars.HARBOR_ROBOT_ACCOUNT }}
|
||||
@@ -58,88 +58,88 @@ jobs:
|
||||
APP_ENV=stage
|
||||
BACKEND_LOG_LEVEL=debug
|
||||
CLIENT_LOG_DEBUG=true
|
||||
WORKS_ADMIN_API_BASE_URL=${{ vars.WORKS_ADMIN_API_BASE_URL }}
|
||||
WORKS_ADMIN_OAUTH_TOKEN_URL=${{ vars.WORKS_ADMIN_OAUTH_TOKEN_URL }}
|
||||
WORKS_ADMIN_API_BASE_URL=${{ vars.STG_WORKS_ADMIN_API_BASE_URL }}
|
||||
WORKS_ADMIN_OAUTH_TOKEN_URL=${{ vars.STG_WORKS_ADMIN_OAUTH_TOKEN_URL }}
|
||||
TZ=Asia/Seoul
|
||||
IDP_PROVIDER=ory
|
||||
|
||||
# DB & Clickhouse
|
||||
DB_PORT=${{ vars.DB_PORT }}
|
||||
CLICKHOUSE_PORT_HTTP=${{ vars.CLICKHOUSE_PORT_HTTP }}
|
||||
CLICKHOUSE_PORT_NATIVE=${{ vars.CLICKHOUSE_PORT_NATIVE }}
|
||||
CLICKHOUSE_HOST=${{ vars.CLICKHOUSE_HOST }}
|
||||
CLICKHOUSE_USER=${{ vars.CLICKHOUSE_USER }}
|
||||
CLICKHOUSE_PASSWORD=${{ secrets.CLICKHOUSE_PASSWORD }}
|
||||
DB_PORT=${{ vars.STG_DB_PORT }}
|
||||
CLICKHOUSE_PORT_HTTP=${{ vars.STG_CLICKHOUSE_PORT_HTTP }}
|
||||
CLICKHOUSE_PORT_NATIVE=${{ vars.STG_CLICKHOUSE_PORT_NATIVE }}
|
||||
CLICKHOUSE_HOST=${{ vars.STG_CLICKHOUSE_HOST }}
|
||||
CLICKHOUSE_USER=${{ vars.STG_CLICKHOUSE_USER }}
|
||||
CLICKHOUSE_PASSWORD=${{ secrets.STG_CLICKHOUSE_PASSWORD }}
|
||||
|
||||
|
||||
BACKEND_PORT=${{ vars.BACKEND_PORT }}
|
||||
ADMINFRONT_PORT=${{ vars.ADMINFRONT_PORT }}
|
||||
DEVFRONT_PORT=${{ vars.DEVFRONT_PORT }}
|
||||
ORGFRONT_PORT=${{ vars.ORGFRONT_PORT }}
|
||||
USERFRONT_PORT=${{ vars.USERFRONT_PORT }}
|
||||
BACKEND_PORT=${{ vars.STG_BACKEND_PORT }}
|
||||
ADMINFRONT_PORT=${{ vars.STG_ADMINFRONT_PORT }}
|
||||
DEVFRONT_PORT=${{ vars.STG_DEVFRONT_PORT }}
|
||||
ORGFRONT_PORT=${{ vars.STG_ORGFRONT_PORT }}
|
||||
USERFRONT_PORT=${{ vars.STG_USERFRONT_PORT }}
|
||||
|
||||
OATHKEEPER_API_URL=${{ vars.OATHKEEPER_API_URL }}
|
||||
OATHKEEPER_API_URL=${{ vars.STG_OATHKEEPER_API_URL }}
|
||||
|
||||
DB_USER=${{ vars.DB_USER }}
|
||||
DB_USER=${{ vars.STG_DB_USER }}
|
||||
DB_PASSWORD=${{ secrets.STG_DB_PASSWORD }}
|
||||
DB_NAME=${{ vars.DB_NAME }}
|
||||
DB_NAME=${{ vars.STG_DB_NAME }}
|
||||
COOKIE_SECRET=${{ secrets.STG_COOKIE_SECRET }}
|
||||
JWT_SECRET=${{ secrets.STG_JWT_SECRET }}
|
||||
REDIS_ADDR=${{ vars.REDIS_ADDR }}
|
||||
CORS_ALLOWED_ORIGINS=${{ vars.CORS_ALLOWED_ORIGINS }}
|
||||
REDIS_ADDR=${{ vars.STG_REDIS_ADDR }}
|
||||
CORS_ALLOWED_ORIGINS=${{ vars.STG_CORS_ALLOWED_ORIGINS }}
|
||||
AUDIT_WORKER_COUNT=5
|
||||
AUDIT_QUEUE_SIZE=2000
|
||||
PROFILE_CACHE_TTL=${{ vars.PROFILE_CACHE_TTL }}
|
||||
NAVER_CLOUD_ACCESS_KEY=${{ vars.NAVER_CLOUD_ACCESS_KEY }}
|
||||
NAVER_CLOUD_SECRET_KEY=${{ secrets.NAVER_CLOUD_SECRET_KEY }}
|
||||
NAVER_CLOUD_SERVICE_ID=${{ vars.NAVER_CLOUD_SERVICE_ID }}
|
||||
NAVER_SENDER_PHONE_NUMBER=${{ vars.NAVER_SENDER_PHONE_NUMBER }}
|
||||
AWS_REGION=${{ vars.AWS_REGION }}
|
||||
AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_SES_SENDER=${{ vars.AWS_SES_SENDER }}
|
||||
ADMIN_EMAIL=${{ vars.ADMIN_EMAIL }}
|
||||
PROFILE_CACHE_TTL=${{ vars.STG_PROFILE_CACHE_TTL }}
|
||||
NAVER_CLOUD_ACCESS_KEY=${{ secrets.STG_NAVER_CLOUD_ACCESS_KEY }}
|
||||
NAVER_CLOUD_SECRET_KEY=${{ secrets.STG_NAVER_CLOUD_SECRET_KEY }}
|
||||
NAVER_CLOUD_SERVICE_ID=${{ vars.STG_NAVER_CLOUD_SERVICE_ID }}
|
||||
NAVER_SENDER_PHONE_NUMBER=${{ vars.STG_NAVER_SENDER_PHONE_NUMBER }}
|
||||
AWS_REGION=${{ vars.STG_AWS_REGION }}
|
||||
AWS_ACCESS_KEY_ID=${{ vars.STG_AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY=${{ secrets.STG_AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_SES_SENDER=${{ vars.STG_AWS_SES_SENDER }}
|
||||
ADMIN_EMAIL=${{ vars.STG_ADMIN_EMAIL }}
|
||||
ADMIN_PASSWORD=${{ secrets.STG_ADMIN_PASSWORD }}
|
||||
USERFRONT_URL=${{ vars.USERFRONT_URL }}
|
||||
ORGFRONT_URL=${{ vars.ORGFRONT_URL }}
|
||||
BACKEND_PUBLIC_URL=${{ vars.BACKEND_URL }}
|
||||
BACKEND_URL=${{ vars.BACKEND_URL }}
|
||||
OATHKEEPER_PUBLIC_URL=${{ vars.OATHKEEPER_PUBLIC_URL }}
|
||||
ORY_POSTGRES_TAG=${{ vars.ORY_POSTGRES_TAG }}
|
||||
ORY_POSTGRES_USER=${{ vars.ORY_POSTGRES_USER }}
|
||||
USERFRONT_URL=${{ vars.STG_USERFRONT_URL }}
|
||||
ORGFRONT_URL=${{ vars.STG_ORGFRONT_URL }}
|
||||
BACKEND_PUBLIC_URL=${{ vars.STG_BACKEND_URL }}
|
||||
BACKEND_URL=${{ vars.STG_BACKEND_URL }}
|
||||
OATHKEEPER_PUBLIC_URL=${{ vars.STG_OATHKEEPER_PUBLIC_URL }}
|
||||
ORY_POSTGRES_TAG=${{ vars.STG_ORY_POSTGRES_TAG }}
|
||||
ORY_POSTGRES_USER=${{ vars.STG_ORY_POSTGRES_USER }}
|
||||
ORY_POSTGRES_PASSWORD=${{ secrets.STG_ORY_POSTGRES_PASSWORD }}
|
||||
ORY_POSTGRES_DB=${{ vars.ORY_POSTGRES_DB }}
|
||||
KRATOS_DB=${{ vars.KRATOS_DB }}
|
||||
HYDRA_DB=${{ vars.HYDRA_DB }}
|
||||
KETO_DB=${{ vars.KETO_DB }}
|
||||
KRATOS_VERSION=${{ vars.KRATOS_VERSION }}
|
||||
KRATOS_UI_NODE_VERSION=${{ vars.KRATOS_UI_NODE_VERSION }}
|
||||
HYDRA_VERSION=${{ vars.HYDRA_VERSION }}
|
||||
KETO_VERSION=${{ vars.KETO_VERSION }}
|
||||
ORY_SDK_URL=${{ vars.ORY_SDK_URL }}
|
||||
KRATOS_PUBLIC_URL=${{ vars.KRATOS_PUBLIC_URL }}
|
||||
KRATOS_ADMIN_URL=${{ vars.KRATOS_ADMIN_URL }}
|
||||
KRATOS_BROWSER_URL=${{ vars.KRATOS_BROWSER_URL }}
|
||||
KRATOS_UI_URL=${{ vars.KRATOS_UI_URL }}
|
||||
HYDRA_ADMIN_URL=${{ vars.HYDRA_ADMIN_URL }}
|
||||
HYDRA_PUBLIC_URL=${{ vars.HYDRA_PUBLIC_URL }}
|
||||
HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL }}
|
||||
JWKS_URL=${{ vars.JWKS_URL }}
|
||||
OATHKEEPER_VERSION=${{ vars.OATHKEEPER_VERSION }}
|
||||
OATHKEEPER_UID=${{ vars.OATHKEEPER_UID }}
|
||||
OATHKEEPER_GID=${{ vars.OATHKEEPER_GID }}
|
||||
OATHKEEPER_HEALTH_URL=${{ vars.OATHKEEPER_HEALTH_URL }}
|
||||
OATHKEEPER_HEALTH_INTERVAL_SECONDS=${{ vars.OATHKEEPER_HEALTH_INTERVAL_SECONDS }}
|
||||
OATHKEEPER_HEALTH_TIMEOUT_SECONDS=${{ vars.OATHKEEPER_HEALTH_TIMEOUT_SECONDS }}
|
||||
OATHKEEPER_HEALTH_ENABLED=${{ vars.OATHKEEPER_HEALTH_ENABLED }}
|
||||
CSRF_COOKIE_NAME=${{ vars.CSRF_COOKIE_NAME }}
|
||||
ORY_POSTGRES_DB=${{ vars.STG_ORY_POSTGRES_DB }}
|
||||
KRATOS_DB=${{ vars.STG_KRATOS_DB }}
|
||||
HYDRA_DB=${{ vars.STG_HYDRA_DB }}
|
||||
KETO_DB=${{ vars.STG_KETO_DB }}
|
||||
KRATOS_VERSION=${{ vars.STG_KRATOS_VERSION }}
|
||||
KRATOS_UI_NODE_VERSION=${{ vars.STG_KRATOS_UI_NODE_VERSION }}
|
||||
HYDRA_VERSION=${{ vars.STG_HYDRA_VERSION }}
|
||||
KETO_VERSION=${{ vars.STG_KETO_VERSION }}
|
||||
ORY_SDK_URL=${{ vars.STG_ORY_SDK_URL }}
|
||||
KRATOS_PUBLIC_URL=${{ vars.STG_KRATOS_PUBLIC_URL }}
|
||||
KRATOS_ADMIN_URL=${{ vars.STG_KRATOS_ADMIN_URL }}
|
||||
KRATOS_BROWSER_URL=${{ vars.STG_KRATOS_BROWSER_URL }}
|
||||
KRATOS_UI_URL=${{ vars.STG_KRATOS_UI_URL }}
|
||||
HYDRA_ADMIN_URL=${{ vars.STG_HYDRA_ADMIN_URL }}
|
||||
HYDRA_PUBLIC_URL=${{ vars.STG_HYDRA_PUBLIC_URL }}
|
||||
HYDRA_REFRESH_TOKEN_TTL=${{ vars.STG_HYDRA_REFRESH_TOKEN_TTL }}
|
||||
JWKS_URL=${{ vars.STG_JWKS_URL }}
|
||||
OATHKEEPER_VERSION=${{ vars.STG_OATHKEEPER_VERSION }}
|
||||
OATHKEEPER_UID=${{ vars.STG_OATHKEEPER_UID }}
|
||||
OATHKEEPER_GID=${{ vars.STG_OATHKEEPER_GID }}
|
||||
OATHKEEPER_HEALTH_URL=${{ vars.STG_OATHKEEPER_HEALTH_URL }}
|
||||
OATHKEEPER_HEALTH_INTERVAL_SECONDS=${{ vars.STG_OATHKEEPER_HEALTH_INTERVAL_SECONDS }}
|
||||
OATHKEEPER_HEALTH_TIMEOUT_SECONDS=${{ vars.STG_OATHKEEPER_HEALTH_TIMEOUT_SECONDS }}
|
||||
OATHKEEPER_HEALTH_ENABLED=${{ vars.STG_OATHKEEPER_HEALTH_ENABLED }}
|
||||
CSRF_COOKIE_NAME=${{ vars.STG_CSRF_COOKIE_NAME }}
|
||||
CSRF_COOKIE_SECRET=${{ secrets.STG_CSRF_COOKIE_SECRET }}
|
||||
|
||||
VITE_OIDC_AUTHORITY=${{ vars.VITE_OIDC_AUTHORITY }}
|
||||
ADMINFRONT_CALLBACK_URLS=${{ vars.ADMINFRONT_CALLBACK_URLS }}
|
||||
DEVFRONT_CALLBACK_URLS=${{ vars.DEVFRONT_CALLBACK_URLS }}
|
||||
ORGFRONT_CALLBACK_URLS=${{ vars.ORGFRONT_CALLBACK_URLS }}
|
||||
# OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||
VITE_OIDC_AUTHORITY=${{ vars.STG_VITE_OIDC_AUTHORITY }}
|
||||
ADMINFRONT_CALLBACK_URLS=${{ vars.STG_ADMINFRONT_CALLBACK_URLS }}
|
||||
DEVFRONT_CALLBACK_URLS=${{ vars.STG_DEVFRONT_CALLBACK_URLS }}
|
||||
ORGFRONT_CALLBACK_URLS=${{ vars.STG_ORGFRONT_CALLBACK_URLS }}
|
||||
# OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.STG_OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||
# OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }}
|
||||
EOF
|
||||
|
||||
|
||||
Reference in New Issue
Block a user