테스트 개선 및 프로덕션 배포준비
69
scripts/test_deploy_workflow_env_prefixes.sh
Normal file
69
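--- a/scripts/test_deploy_workflow_env_prefixes.sh
+++ b/scripts/test_deploy_workflow_env_prefixes.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+set -eu
+
+fail_if_contains() {
+file="$1"
+pattern="$2"
+if grep -Fq "$pattern" "$file"; then
+echo "forbidden pattern in $file: $pattern" >&2
+exit 1
+fi
+}
+
+assert_contains() {
+file="$1"
+pattern="$2"
+if ! grep -Fq "$pattern" "$file"; then
+echo "missing pattern in $file: $pattern" >&2
+exit 1
+fi
+}
+
+staging_workflows="
+.gitea/workflows/staging_code_pull.yml
+.gitea/workflows/staging_release.yml
+.gitea/workflows/staging_image_deploy.yml
+"
+
+production_workflows="
+.gitea/workflows/production_release.yml
+.gitea/workflows/production_image_deploy.yml
+"
+
+for workflow in $staging_workflows; do
+assert_contains "$workflow" "vars.STG_"
+assert_contains "$workflow" "secrets.STG_"
+fail_if_contains "$workflow" "vars.STAGE_"
+fail_if_contains "$workflow" "secrets.STAGE_"
+for name in \
+USERFRONT_URL ADMINFRONT_URL DEVFRONT_URL ORGFRONT_URL VITE_OIDC_AUTHORITY \
+BACKEND_URL BACKEND_LOG_LEVEL CLIENT_LOG_DEBUG PROFILE_CACHE_TTL CORS_ALLOWED_ORIGINS \
+WORKS_ADMIN_API_BASE_URL WORKS_ADMIN_OAUTH_TOKEN_URL NAVER_CLOUD_ACCESS_KEY \
+NAVER_CLOUD_SERVICE_ID NAVER_SENDER_PHONE_NUMBER AWS_REGION AWS_ACCESS_KEY_ID \
+AWS_SES_SENDER CLICKHOUSE_HOST CLICKHOUSE_USER DB_PORT DB_USER DB_NAME REDIS_ADDR
+do
+fail_if_contains "$workflow" "vars.$name"
+done
+for name in AWS_SECRET_ACCESS_KEY NAVER_CLOUD_SECRET_KEY CLICKHOUSE_PASSWORD STAGE_SSH_PRIVATE_KEY; do
+fail_if_contains "$workflow" "secrets.$name"
+done
+done
+
+for workflow in $production_workflows; do
+assert_contains "$workflow" "vars.PROD_"
+assert_contains "$workflow" "secrets.PROD_"
+for name in \
+ADMINFRONT_URL DEVFRONT_URL ORGFRONT_URL VITE_OIDC_AUTHORITY BACKEND_LOG_LEVEL \
+CLIENT_LOG_DEBUG PROFILE_CACHE_TTL CORS_ALLOWED_ORIGINS WORKS_ADMIN_API_BASE_URL \
+WORKS_ADMIN_OAUTH_TOKEN_URL NAVER_CLOUD_ACCESS_KEY NAVER_CLOUD_SERVICE_ID \
+NAVER_SENDER_PHONE_NUMBER AWS_REGION AWS_ACCESS_KEY_ID AWS_SES_SENDER \
+CLICKHOUSE_HOST CLICKHOUSE_USER ADMINFRONT_PORT DEVFRONT_PORT ORGFRONT_PORT
+do
+fail_if_contains "$workflow" "vars.$name"
+done
+for name in AWS_SECRET_ACCESS_KEY NAVER_CLOUD_SECRET_KEY CLICKHOUSE_PASSWORD; do
+fail_if_contains "$workflow" "secrets.$name"
+done
+done
+
+echo "deploy workflow env prefix checks passed"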
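Review bot: Neither loop rejects the other environment's prefix: a staging workflow that also references `secrets.PROD_` or `vars.PROD_` passes, and the production loop forbids neither `STG_` nor the legacy `STAGE_` prefix, so a cross-environment credential reference would not be caught here. If the workflows are not meant to share values, add `fail_if_contains "$workflow" "secrets.PROD_"` and `fail_if_contains "$workflow" "vars.PROD_"` to the staging loop and the mirrored `STG_`/`STAGE_` checks to the production loop. The unprefixed names are also a hand-maintained denylist, so a newly introduced unprefixed `vars.`/`secrets.` name passes until someone adds it to the list; a comment above each list stating that would help the next maintainer.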