설정 파일 오류 수정
@@ -53,7 +53,7 @@ jobs:
|
|||||||
|
|
||||||
ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p '${DEPLOY_PATH}'"
|
ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p '${DEPLOY_PATH}'"
|
||||||
|
|
||||||
# Create .env for Staging using a HEREDOC to prevent shell expansion issues
|
# Create .env for Staging using a HEREDOC
|
||||||
cat <<'EOF' > .env
|
cat <<'EOF' > .env
|
||||||
APP_ENV=stage
|
APP_ENV=stage
|
||||||
TZ=Asia/Seoul
|
TZ=Asia/Seoul
|
||||||
@@ -123,16 +123,33 @@ jobs:
|
|||||||
OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }}
|
OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Copy artifacts to remote
|
# 파일 복사 섹션: 설정 파일 누락 방지
|
||||||
# Using compose.infra.yaml as base for staging (assuming simplified structure compared to prod)
|
|
||||||
# OR use docker-compose.template.yaml if staging follows prod structure strictly
|
# 1. docker 디렉토리 구조 생성
|
||||||
|
ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p ${DEPLOY_PATH}/docker"
|
||||||
|
|
||||||
|
# 2. 설정 파일들 재귀적 복사 (kratos/hydra/oathkeeper 설정 및 DB init 스크립트)
|
||||||
|
# 주의: 로컬에 docker/init-metadata 폴더가 없다면 에러가 날 수 있으니 확인 필요
|
||||||
|
scp -r docker/ory "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/"
|
||||||
|
|
||||||
|
# DB 초기화 스크립트가 있다면 복사 (없다면 주석 처리)
|
||||||
|
if [ -d "docker/init-metadata" ]; then
|
||||||
|
scp -r docker/init-metadata "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Gateway 소스 (빌드 컨텍스트가 필요한 경우)
|
||||||
|
if [ -d "gateway" ]; then
|
||||||
|
scp -r gateway "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# 3. Compose 파일 및 .env 복사
|
||||||
scp docker/docker-compose.staging.template.yaml .env "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/"
|
scp docker/docker-compose.staging.template.yaml .env "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/"
|
||||||
scp docker/compose.infra.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.infra.yml"
|
scp docker/compose.infra.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.infra.yml"
|
||||||
# Ory compose files might be needed too
|
|
||||||
scp docker/compose.ory.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.ory.yml"
|
scp docker/compose.ory.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.ory.yml"
|
||||||
scp -r docker/ory "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/"
|
|
||||||
|
|
||||||
# Deploy
|
# -------------------------------------------------------------------
|
||||||
|
# Deploy 실행
|
||||||
|
# -------------------------------------------------------------------
|
||||||
echo "${HARBOR_ROBOT_KEY}" | ssh "${STAGE_USER}@${STAGE_HOST}" \
|
echo "${HARBOR_ROBOT_KEY}" | ssh "${STAGE_USER}@${STAGE_HOST}" \
|
||||||
"export DEPLOY_PATH='${DEPLOY_PATH}'; \
|
"export DEPLOY_PATH='${DEPLOY_PATH}'; \
|
||||||
export BACKEND_IMAGE_NAME='${BACKEND_IMAGE_NAME}'; \
|
export BACKEND_IMAGE_NAME='${BACKEND_IMAGE_NAME}'; \
|
||||||
@@ -149,11 +166,11 @@ jobs:
|
|||||||
. ./.env; \
|
. ./.env; \
|
||||||
set +a; \
|
set +a; \
|
||||||
for net in baron_net public_net ory-net hydranet kratosnet; do
|
for net in baron_net public_net ory-net hydranet kratosnet; do
|
||||||
docker network inspect "\$net" >/dev/null 2>&1 || docker network create "\$net"
|
docker network inspect \"\$net\" >/dev/null 2>&1 || docker network create \"\$net\"
|
||||||
done
|
done
|
||||||
# Assuming template usage similar to prod
|
|
||||||
envsubst < docker-compose.staging.template.yaml > docker-compose.yml; \
|
envsubst < docker-compose.staging.template.yaml > docker-compose.yml; \
|
||||||
|
|
||||||
# Pull & Up
|
# Pull & Up
|
||||||
# Assuming staging runs both infra, ory, and app stack
|
|
||||||
docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml pull; \
|
docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml pull; \
|
||||||
docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d"
|
docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d --remove-orphans"
|
||||||
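Review bot: The added `mkdir -p ${DEPLOY_PATH}/docker` in the file-copy step hands the path to the remote shell unquoted, while the existing call before the heredoc wraps it as `'${DEPLOY_PATH}'`; a path with spaces or shell metacharacters would be split or interpreted on the staging host. Quote it the same way: `ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p '${DEPLOY_PATH}/docker'"`. The warning comment about a missing `docker/init-metadata` sits directly above the unguarded `scp -r docker/ory`, which is the copy that would actually fail if its directory is absent, since the `init-metadata` copy is already wrapped in `if [ -d ... ]`. The `.env` copied in step 3 carries secrets such as `OATHKEEPER_INTROSPECT_CLIENT_SECRET`, and nothing in the visible lines restricts its mode on the remote, so a follow-up `ssh "${STAGE_USER}@${STAGE_HOST}" "chmod 600 '${DEPLOY_PATH}/.env'"` would be worth adding. The run block starts before the first hunk shown here.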
@@ -88,6 +88,27 @@ services:
|
|||||||
- ory-net
|
- ory-net
|
||||||
- hydranet
|
- hydranet
|
||||||
|
|
||||||
|
# [수정됨] Oathkeeper 서비스 추가 (Backend 연결 문제 해결)
|
||||||
|
oathkeeper:
|
||||||
|
image: oryd/oathkeeper:${OATHKEEPER_VERSION:-v0.40.6}
|
||||||
|
container_name: ory_oathkeeper
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
kratos:
|
||||||
|
condition: service_started
|
||||||
|
environment:
|
||||||
|
- LOG_LEVEL=debug
|
||||||
|
command: serve proxy --config /etc/config/oathkeeper/oathkeeper.yml
|
||||||
|
volumes:
|
||||||
|
- ./docker/ory/oathkeeper:/etc/config/oathkeeper
|
||||||
|
networks:
|
||||||
|
- ory-net
|
||||||
|
- baron_net # Backend가 통신하기 위해 필수
|
||||||
|
- public_net
|
||||||
|
ports:
|
||||||
|
- "4455:4455" # Proxy
|
||||||
|
- "4456:4456" # API (Backend 헬스체크용)
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
ory_postgres_data:
|
ory_postgres_data:
|
||||||
|
|
||||||
@@ -104,3 +125,7 @@ networks:
|
|||||||
public_net:
|
public_net:
|
||||||
external: true
|
external: true
|
||||||
name: public_net
|
name: public_net
|
||||||
|
# [수정됨] Baron Net 추가 정의 (Oathkeeper 연결용)
|
||||||
|
baron_net:
|
||||||
|
external: true
|
||||||
|
name: baron_net
|
||||||
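Review bot: The new `oathkeeper` service publishes both `4455` and `4456` on every host interface, although the inline comments say the backend reaches it over `baron_net` and needs the API port only for health checks. If nothing outside the host has to call the API port, drop that mapping or bind it to loopback with `- "127.0.0.1:4456:4456"`, and confirm that `4455` is meant to be reachable directly rather than only through whatever fronts `public_net`. The config directory can be mounted read-only, `- ./docker/ory/oathkeeper:/etc/config/oathkeeper:ro`, so the container cannot alter its own access rules. `LOG_LEVEL=debug` is hard-coded; following the `${OATHKEEPER_VERSION:-v0.40.6}` pattern already used on the image line, an overridable default (e.g. `LOG_LEVEL=${OATHKEEPER_LOG_LEVEL:-info}`, variable name illustrative) keeps staging logs quieter unless someone is debugging.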