diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index 372a8072..a55b4aab 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -53,7 +53,7 @@ jobs: ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p '${DEPLOY_PATH}'" - # Create .env for Staging using a HEREDOC to prevent shell expansion issues + # Create .env for Staging using a HEREDOC cat <<'EOF' > .env APP_ENV=stage TZ=Asia/Seoul 
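Review bot: The reworded comment above `cat <<'EOF' > .env` drops the reason the delimiter is quoted, which is the one thing a maintainer needs to know before touching that line. With `'EOF'` the shell writes the body literally, so a `$` or backtick inside an injected secret value is not expanded; changing it to an unquoted `EOF` would alter that silently. I would keep the rationale, for example `# Create .env for Staging; the quoted 'EOF' stops the shell expanding $ or backticks in secret values`. The heredoc body continues outside this hunk.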
@@ -123,16 +123,33 @@ jobs: OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }} EOF - # Copy artifacts to remote - # Using compose.infra.yaml as base for staging (assuming simplified structure compared to prod) - # OR use docker-compose.template.yaml if staging follows prod structure strictly + # 파일 복사 섹션: 설정 파일 누락 방지 + + # 1. docker 디렉토리 구조 생성 + ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p ${DEPLOY_PATH}/docker" + + # 2. 설정 파일들 재귀적 복사 (kratos/hydra/oathkeeper 설정 및 DB init 스크립트) + # 주의: 로컬에 docker/init-metadata 폴더가 없다면 에러가 날 수 있으니 확인 필요 + scp -r docker/ory "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" + + # DB 초기화 스크립트가 있다면 복사 (없다면 주석 처리) + if [ -d "docker/init-metadata" ]; then + scp -r docker/init-metadata "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" + fi + + # Gateway 소스 (빌드 컨텍스트가 필요한 경우) + if [ -d "gateway" ]; then + scp -r gateway "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/" + fi + + # 3. Compose 파일 및 .env 복사 scp docker/docker-compose.staging.template.yaml .env "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/" scp docker/compose.infra.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.infra.yml" - # Ory compose files might be needed too scp docker/compose.ory.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.ory.yml" - scp -r docker/ory "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" - # Deploy + # ------------------------------------------------------------------- + # Deploy 실행 + # ------------------------------------------------------------------- echo "${HARBOR_ROBOT_KEY}" | ssh "${STAGE_USER}@${STAGE_HOST}" \ "export DEPLOY_PATH='${DEPLOY_PATH}'; \ export BACKEND_IMAGE_NAME='${BACKEND_IMAGE_NAME}'; \ 
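Review bot: The new `mkdir -p ${DEPLOY_PATH}/docker` hands the path to the remote shell unquoted, while the existing `mkdir -p '${DEPLOY_PATH}'` earlier in the same step single-quotes it. A value containing a space or a shell metacharacter would be split or interpreted on the staging host, so match the earlier form: `ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p '${DEPLOY_PATH}/docker'"`. Separately, `scp -r docker/ory` only adds and overwrites, so a config or rule file deleted from the repository presumably stays on the host and may still be picked up by the Ory services; it is worth confirming whether the target directory should be cleared before the copy. The run script starts and ends outside this hunk.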
@@ -149,11 +166,11 @@ jobs: . ./.env; \ set +a; \ for net in baron_net public_net ory-net hydranet kratosnet; do - docker network inspect "\$net" >/dev/null 2>&1 || docker network create "\$net" + docker network inspect \"\$net\" >/dev/null 2>&1 || docker network create \"\$net\" done - # Assuming template usage similar to prod + envsubst < docker-compose.staging.template.yaml > docker-compose.yml; \ + # Pull & Up - # Assuming staging runs both infra, ory, and app stack docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml pull; \ - docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d" + docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d --remove-orphans" \ No newline at end of file diff --git a/docker/compose.ory.yaml b/docker/compose.ory.yaml index 4c8a508f..797993fa 100644 --- a/docker/compose.ory.yaml +++ b/docker/compose.ory.yaml @@ -88,6 +88,27 @@ services: - ory-net - hydranet + # [수정됨] Oathkeeper 서비스 추가 (Backend 연결 문제 해결) + oathkeeper: + image: oryd/oathkeeper:${OATHKEEPER_VERSION:-v0.40.6} + container_name: ory_oathkeeper + restart: unless-stopped + depends_on: + kratos: + condition: service_started + environment: + - LOG_LEVEL=debug + command: serve proxy --config /etc/config/oathkeeper/oathkeeper.yml + volumes: + - ./docker/ory/oathkeeper:/etc/config/oathkeeper + networks: + - ory-net + - baron_net # Backend가 통신하기 위해 필수 + - public_net + ports: + - "4455:4455" # Proxy + - "4456:4456" # API (Backend 헬스체크용) + volumes: ory_postgres_data: @@ -104,3 +125,7 @@ networks: public_net: external: true name: public_net + # [수정됨] Baron Net 추가 정의 (Oathkeeper 연결용) + baron_net: + external: true + name: baron_net \ No newline at end of file
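Review bot: `up -d --remove-orphans` is added without pinning the Compose project name, so which containers it may remove depends on the default project name, which Compose derives from the directory the command runs in. Any container previously started under that same project but not defined in `compose.infra.yml`, `compose.ory.yml` or `docker-compose.yml` will be removed on every deploy. If that is intended, state it in a comment next to the command; otherwise pin the project on both the `pull` and `up` lines, e.g. `docker compose -p <project-name> -f compose.infra.yml ...` (placeholder name). The quoted ssh command starts outside this hunk.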
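Review bot: The `ports:` entries of the new `oathkeeper` service publish both listeners on every host interface, including `4456`, which the inline comment says is there only for the backend health check. The backend already reaches the container over `baron_net`, so the API port probably needs no host mapping at all; if local access is wanted, bind it to loopback with `- "127.0.0.1:4456:4456"`. The config mount can also be read-only, `- ./docker/ory/oathkeeper:/etc/config/oathkeeper:ro`, and `LOG_LEVEL=debug` on an access proxy is worth lowering once the connection problem is resolved, since debug output from this service may include request details.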