From 658113d779ce577969cc29ce4dc5b978547507fb Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 10:59:05 +0900 Subject: [PATCH 01/22] =?UTF-8?q?=EC=84=A4=EC=A0=95=20=ED=8C=8C=EC=9D=BC?= =?UTF-8?q?=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging_release.yml | 39 ++++++++++++++++++++-------- docker/compose.ory.yaml | 25 ++++++++++++++++++ 2 files changed, 53 insertions(+), 11 deletions(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index 372a8072..a55b4aab 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -53,7 +53,7 @@ jobs: ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p '${DEPLOY_PATH}'" - # Create .env for Staging using a HEREDOC to prevent shell expansion issues + # Create .env for Staging using a HEREDOC cat <<'EOF' > .env APP_ENV=stage TZ=Asia/Seoul @@ -123,16 +123,33 @@ jobs: OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }} EOF - # Copy artifacts to remote - # Using compose.infra.yaml as base for staging (assuming simplified structure compared to prod) - # OR use docker-compose.template.yaml if staging follows prod structure strictly + # 파일 복사 섹션: 설정 파일 누락 방지 + + # 1. docker 디렉토리 구조 생성 + ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p ${DEPLOY_PATH}/docker" + + # 2. 설정 파일들 재귀적 복사 (kratos/hydra/oathkeeper 설정 및 DB init 스크립트) + # 주의: 로컬에 docker/init-metadata 폴더가 없다면 에러가 날 수 있으니 확인 필요 + scp -r docker/ory "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" + + # DB 초기화 스크립트가 있다면 복사 (없다면 주석 처리) + if [ -d "docker/init-metadata" ]; then + scp -r docker/init-metadata "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" + fi + + # Gateway 소스 (빌드 컨텍스트가 필요한 경우) + if [ -d "gateway" ]; then + scp -r gateway "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/" + fi + + # 3. Compose 파일 및 .env 복사 scp docker/docker-compose.staging.template.yaml .env "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/" scp docker/compose.infra.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.infra.yml" - # Ory compose files might be needed too scp docker/compose.ory.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.ory.yml" - scp -r docker/ory "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" - # Deploy + # ------------------------------------------------------------------- + # Deploy 실행 + # ------------------------------------------------------------------- echo "${HARBOR_ROBOT_KEY}" | ssh "${STAGE_USER}@${STAGE_HOST}" \ "export DEPLOY_PATH='${DEPLOY_PATH}'; \ export BACKEND_IMAGE_NAME='${BACKEND_IMAGE_NAME}'; \ @@ -149,11 +166,11 @@ jobs: . ./.env; \ set +a; \ for net in baron_net public_net ory-net hydranet kratosnet; do - docker network inspect "\$net" >/dev/null 2>&1 || docker network create "\$net" + docker network inspect \"\$net\" >/dev/null 2>&1 || docker network create \"\$net\" done - # Assuming template usage similar to prod + envsubst < docker-compose.staging.template.yaml > docker-compose.yml; \ + # Pull & Up - # Assuming staging runs both infra, ory, and app stack docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml pull; \ - docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d" + docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d --remove-orphans" \ No newline at end of file diff --git a/docker/compose.ory.yaml b/docker/compose.ory.yaml index 4c8a508f..797993fa 100644 --- a/docker/compose.ory.yaml +++ b/docker/compose.ory.yaml @@ -88,6 +88,27 @@ services: - ory-net - hydranet + # [수정됨] Oathkeeper 서비스 추가 (Backend 연결 문제 해결) + oathkeeper: + image: oryd/oathkeeper:${OATHKEEPER_VERSION:-v0.40.6} + container_name: ory_oathkeeper + restart: unless-stopped + depends_on: + kratos: + condition: service_started + environment: + - LOG_LEVEL=debug + command: serve proxy --config /etc/config/oathkeeper/oathkeeper.yml + volumes: + - ./docker/ory/oathkeeper:/etc/config/oathkeeper + networks: + - ory-net + - baron_net # Backend가 통신하기 위해 필수 + - public_net + ports: + - "4455:4455" # Proxy + - "4456:4456" # API (Backend 헬스체크용) + volumes: ory_postgres_data: @@ -104,3 +125,7 @@ networks: public_net: external: true name: public_net + # [수정됨] Baron Net 추가 정의 (Oathkeeper 연결용) + baron_net: + external: true + name: baron_net \ No newline at end of file From b49a39f9b2d5bf57e8d356556cdb440712e11a7f Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 11:04:48 +0900 Subject: [PATCH 02/22] =?UTF-8?q?healthcheck=20=EC=8B=9C=EA=B0=84=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/compose.ory.yaml | 6 +++++- docker/docker-compose.staging.template.yaml | 13 +++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/docker/compose.ory.yaml b/docker/compose.ory.yaml index 797993fa..a91a6038 100644 --- a/docker/compose.ory.yaml +++ b/docker/compose.ory.yaml @@ -108,7 +108,11 @@ services: ports: - "4455:4455" # Proxy - "4456:4456" # API (Backend 헬스체크용) - + healthcheck: + test: ["CMD", "wget", "-qO-", "http://127.0.0.1:4456/health/ready"] + interval: 5s + timeout: 5s + retries: 5 volumes: ory_postgres_data: diff --git a/docker/docker-compose.staging.template.yaml b/docker/docker-compose.staging.template.yaml index 9ec87368..a5057122 100644 --- a/docker/docker-compose.staging.template.yaml +++ b/docker/docker-compose.staging.template.yaml @@ -23,6 +23,8 @@ services: - HYDRA_ADMIN_URL="${HYDRA_ADMIN_URL:-http://ory_hydra:4445}" - HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}" - PROFILE_CACHE_TTL="${PROFILE_CACHE_TTL:-30m}" + # Oathkeeper URL이 필요하다면 명시 (일반적으로 내부 DNS 사용시 불필요하나 확실히 하기 위해) + - OATHKEEPER_API_URL=http://ory_oathkeeper:4456 ports: - "${BACKEND_PORT:-3000}:3000" depends_on: @@ -31,12 +33,14 @@ services: networks: - baron_net - ory-net + + # [수정됨] Healthcheck 시간을 넉넉하게 늘림 healthcheck: test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/health"] interval: 10s timeout: 5s - retries: 3 - start_period: 10s + retries: 10 # 3회 -> 10회 (최대 10번 재시도) + start_period: 60s # 10초 -> 60초 (처음 1분간은 실패해도 봐줌) adminfront: image: ${ADMINFRONT_IMAGE_NAME}:${IMAGE_TAG} @@ -89,12 +93,13 @@ services: echo \"APP_ENV=stage\" >> /usr/share/nginx/html/assets/.env && cp /usr/share/nginx/html/assets/.env /usr/share/nginx/html/.env && nginx -g 'daemon off;'" + # [수정됨] Userfront도 넉넉하게 설정 healthcheck: test: ["CMD", "wget", "-qO-", "http://127.0.0.1:5000/"] interval: 10s timeout: 5s - retries: 3 - start_period: 10s + retries: 5 + start_period: 30s infra_check: image: alpine From 3d3e6a0c9c3e6d26d5ec1cb97f48a65697f2c346 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 11:16:30 +0900 Subject: [PATCH 03/22] =?UTF-8?q?=EB=94=94=EB=B2=84=EA=B7=B8=EC=9A=A9=20?= =?UTF-8?q?=EB=AC=B8=EC=9E=A5=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging_release.yml | 54 +++++++++++++++------------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index a55b4aab..7bb4c065 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -45,15 +45,14 @@ jobs: # Sanity check if [ -z "${STAGE_USER}" ] || [ -z "${STAGE_HOST}" ] || [ -z "${DEPLOY_PATH}" ]; then - echo "::error::Missing required vars (STAGE_USER/STAGE_HOST/DEPLOY_PATH). Check Gitea repo variables." + echo "::error::Missing required vars (STAGE_USER/STAGE_HOST/DEPLOY_PATH)." exit 1 fi ssh-keyscan -H "${STAGE_HOST}" >> ~/.ssh/known_hosts - ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p '${DEPLOY_PATH}'" - # Create .env for Staging using a HEREDOC + # .env 파일 생성 cat <<'EOF' > .env APP_ENV=stage TZ=Asia/Seoul @@ -123,33 +122,25 @@ jobs: OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }} EOF - # 파일 복사 섹션: 설정 파일 누락 방지 - - # 1. docker 디렉토리 구조 생성 + # 파일 복사 ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p ${DEPLOY_PATH}/docker" - - # 2. 설정 파일들 재귀적 복사 (kratos/hydra/oathkeeper 설정 및 DB init 스크립트) - # 주의: 로컬에 docker/init-metadata 폴더가 없다면 에러가 날 수 있으니 확인 필요 + + # [중요] docker/ory 폴더 복사 (여기에 init-db/1-createdb.sql이 있어야 함) scp -r docker/ory "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" - # DB 초기화 스크립트가 있다면 복사 (없다면 주석 처리) if [ -d "docker/init-metadata" ]; then scp -r docker/init-metadata "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" fi - # Gateway 소스 (빌드 컨텍스트가 필요한 경우) if [ -d "gateway" ]; then scp -r gateway "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/" fi - # 3. Compose 파일 및 .env 복사 scp docker/docker-compose.staging.template.yaml .env "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/" scp docker/compose.infra.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.infra.yml" scp docker/compose.ory.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.ory.yml" - # ------------------------------------------------------------------- - # Deploy 실행 - # ------------------------------------------------------------------- + # 배포 실행 echo "${HARBOR_ROBOT_KEY}" | ssh "${STAGE_USER}@${STAGE_HOST}" \ "export DEPLOY_PATH='${DEPLOY_PATH}'; \ export BACKEND_IMAGE_NAME='${BACKEND_IMAGE_NAME}'; \ @@ -159,18 +150,33 @@ jobs: export IMAGE_TAG='${IMAGE_TAG}'; \ export HARBOR_ENDPOINT='${HARBOR_ENDPOINT}'; \ export HARBOR_ROBOT_ACCOUNT='${HARBOR_ROBOT_ACCOUNT}'; \ - set -e; \ cd \"\${DEPLOY_PATH}\"; \ docker login \"\${HARBOR_ENDPOINT}\" -u \"\${HARBOR_ROBOT_ACCOUNT}\" --password-stdin; \ - set -a; \ - . ./.env; \ - set +a; \ - for net in baron_net public_net ory-net hydranet kratosnet; do - docker network inspect \"\$net\" >/dev/null 2>&1 || docker network create \"\$net\" - done + set -a; . ./.env; set +a; \ + + # 네트워크 생성 + for net in baron_net public_net ory-net hydranet kratosnet; do + docker network inspect \"\$net\" >/dev/null 2>&1 || docker network create \"\$net\" + done envsubst < docker-compose.staging.template.yaml > docker-compose.yml; \ + + # [중요] 설정 파일 권한 문제 해결 (Ory 이미지는 root가 아닌 사용자로 실행됨) + chmod -R 777 docker/ory - # Pull & Up docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml pull; \ - docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d --remove-orphans" \ No newline at end of file + + # [주의] DB 초기화 스크립트는 '새로운 볼륨'에서만 실행됨. + # DB 초기화 문제를 확실히 해결하기 위해 기존 볼륨을 날리고 다시 띄움 (데이터 삭제됨 주의) + # 스테이징이므로 초기화 진행. 데이터 보존이 필요하면 이 줄 제거하고 수동으로 DB 만들어야 함. + docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml down -v || true + + docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d --remove-orphans; \ + + # 배포 후 상태 확인 (실패 시 로그 출력을 위함) + sleep 10; \ + if [ \$(docker inspect -f '{{.State.ExitCode}}' baron-sso-staging-kratos-migrate-1) -ne 0 ]; then \ + echo 'Kratos Migrate Failed. Logs:'; \ + docker logs baron-sso-staging-kratos-migrate-1; \ + exit 1; \ + fi" \ No newline at end of file From 7f0a44e4ee5b57d17909c2d78df99e9cac7cd456 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 11:21:15 +0900 Subject: [PATCH 04/22] =?UTF-8?q?sql=20command=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/compose.ory.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/compose.ory.yaml b/docker/compose.ory.yaml index a91a6038..a3c6ba15 100644 --- a/docker/compose.ory.yaml +++ b/docker/compose.ory.yaml @@ -31,7 +31,7 @@ services: - KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS='["${KRATOS_UI_URL:-http://localhost:5000}","${USERFRONT_URL:-http://localhost:5000}"]' volumes: - ./docker/ory/kratos:/etc/config/kratos - command: migrate sql -c /etc/config/kratos/kratos.yml --yes + command: migrate sql up -c /etc/config/kratos/kratos.yml --yes depends_on: postgres_ory: condition: service_healthy @@ -62,7 +62,7 @@ services: image: oryd/hydra:${HYDRA_VERSION:-v25.4.0} environment: - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20 - command: migrate sql -e --yes + command: migrate sql up -e --yes depends_on: postgres_ory: condition: service_healthy From eb34d387adf13a17ed05885ed322650684e0fe53 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 11:26:15 +0900 Subject: [PATCH 05/22] -e add --- docker/compose.ory.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/compose.ory.yaml b/docker/compose.ory.yaml index a3c6ba15..f5f71a25 100644 --- a/docker/compose.ory.yaml +++ b/docker/compose.ory.yaml @@ -31,7 +31,7 @@ services: - KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS='["${KRATOS_UI_URL:-http://localhost:5000}","${USERFRONT_URL:-http://localhost:5000}"]' volumes: - ./docker/ory/kratos:/etc/config/kratos - command: migrate sql up -c /etc/config/kratos/kratos.yml --yes + command: migrate sql up -e -c /etc/config/kratos/kratos.yml --yes depends_on: postgres_ory: condition: service_healthy From 5d66e983cd3efdfdee624f07bfc4ca8f71652009 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 13:08:18 +0900 Subject: [PATCH 06/22] =?UTF-8?q?=ED=99=98=EA=B2=BD=EB=B3=80=EC=88=98=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging_release.yml | 14 +++- docker/docker-compose.staging.template.yaml | 85 +++++++++++---------- 2 files changed, 59 insertions(+), 40 deletions(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index 7bb4c065..e13d5543 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -57,19 +57,31 @@ jobs: APP_ENV=stage TZ=Asia/Seoul IDP_PROVIDER=ory + + # DB & Clickhouse DB_PORT=${{ vars.DB_PORT }} CLICKHOUSE_PORT_HTTP=${{ vars.CLICKHOUSE_PORT_HTTP }} CLICKHOUSE_PORT_NATIVE=${{ vars.CLICKHOUSE_PORT_NATIVE }} + CLICKHOUSE_HOST=baron_clickhouse + CLICKHOUSE_USER=${{ vars.CLICKHOUSE_USER }} + CLICKHOUSE_PASSWORD=${{ vars.CLICKHOUSE_PASSWORD }} + + BACKEND_PORT=${{ vars.BACKEND_PORT }} ADMINFRONT_PORT=${{ vars.ADMINFRONT_PORT }} DEVFRONT_PORT=${{ vars.DEVFRONT_PORT }} USERFRONT_PORT=${{ vars.USERFRONT_PORT }} + + # [추가] Oathkeeper 명시적 URL (컨테이너 이름 사용) + OATHKEEPER_API_URL=http://ory_oathkeeper:4456 + + DB_USER=${{ vars.DB_USER }} DB_PASSWORD=${{ secrets.STG_DB_PASSWORD }} DB_NAME=${{ vars.DB_NAME }} COOKIE_SECRET=${{ secrets.STG_COOKIE_SECRET }} JWT_SECRET=${{ secrets.STG_JWT_SECRET }} - REDIS_ADDR=${{ vars.REDIS_ADDR }} + REDIS_ADDR=$(echo "${{ vars.REDIS_ADDR }}" | tr -d '"') CORS_ALLOWED_ORIGINS=${{ vars.CORS_ALLOWED_ORIGINS }} AUDIT_WORKER_COUNT=5 AUDIT_QUEUE_SIZE=2000 diff --git a/docker/docker-compose.staging.template.yaml b/docker/docker-compose.staging.template.yaml index a5057122..dc9f8048 100644 --- a/docker/docker-compose.staging.template.yaml +++ b/docker/docker-compose.staging.template.yaml @@ -2,45 +2,52 @@ name: baron-sso-staging services: backend: - image: ${BACKEND_IMAGE_NAME}:${IMAGE_TAG} - container_name: baron_backend - restart: unless-stopped - env_file: - - .env - environment: - - APP_ENV=stage - - GO_ENV=stage - - COOKIE_SECRET="${COOKIE_SECRET}" - - DB_HOST=postgres - - CLICKHOUSE_HOST=clickhouse - - CLICKHOUSE_PORT="${CLICKHOUSE_PORT_NATIVE:-9000}" - - CLICKHOUSE_USER="${CLICKHOUSE_USER:-baron}" - - CLICKHOUSE_PASSWORD="${CLICKHOUSE_PASSWORD:-password}" - - USERFRONT_URL="${USERFRONT_URL:-https://sso.hmac.kr}" - - REDIS_ADDR="${REDIS_ADDR:-redis:6389}" - - IDP_PROVIDER=ory - - KRATOS_ADMIN_URL="${KRATOS_ADMIN_URL:-http://ory_kratos:4434}" - - HYDRA_ADMIN_URL="${HYDRA_ADMIN_URL:-http://ory_hydra:4445}" - - HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}" - - PROFILE_CACHE_TTL="${PROFILE_CACHE_TTL:-30m}" - # Oathkeeper URL이 필요하다면 명시 (일반적으로 내부 DNS 사용시 불필요하나 확실히 하기 위해) - - OATHKEEPER_API_URL=http://ory_oathkeeper:4456 - ports: - - "${BACKEND_PORT:-3000}:3000" - depends_on: - infra_check: - condition: service_started - networks: - - baron_net - - ory-net - - # [수정됨] Healthcheck 시간을 넉넉하게 늘림 - healthcheck: - test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/health"] - interval: 10s - timeout: 5s - retries: 10 # 3회 -> 10회 (최대 10번 재시도) - start_period: 60s # 10초 -> 60초 (처음 1분간은 실패해도 봐줌) + image: ${BACKEND_IMAGE_NAME}:${IMAGE_TAG} + container_name: baron_backend + restart: unless-stopped + env_file: + - .env + environment: + - APP_ENV=stage + - GO_ENV=stage + - COOKIE_SECRET="${COOKIE_SECRET}" + + # [수정] Infra Compose의 컨테이너 이름과 일치 + - DB_HOST=baron_postgres + - CLICKHOUSE_HOST=baron_clickhouse + + # [수정] 포트 변수 확실하게 매핑 (기본값 9000) + - CLICKHOUSE_PORT=${CLICKHOUSE_PORT_NATIVE:-9000} + - CLICKHOUSE_USER="${CLICKHOUSE_USER:-baron}" + - CLICKHOUSE_PASSWORD="${CLICKHOUSE_PASSWORD:-password}" + + - USERFRONT_URL="${USERFRONT_URL:-https://sso.hmac.kr}" + - REDIS_ADDR="${REDIS_ADDR:-baron_redis:6389}" + - IDP_PROVIDER=ory + + # Ory Service URLs + - KRATOS_ADMIN_URL="${KRATOS_ADMIN_URL:-http://ory_kratos:4434}" + - HYDRA_ADMIN_URL="${HYDRA_ADMIN_URL:-http://ory_hydra:4445}" + - HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}" + + # [추가] Oathkeeper URL 명시 (DNS 문제 해결) + - OATHKEEPER_API_URL=${OATHKEEPER_API_URL:-http://ory_oathkeeper:4456} + + - PROFILE_CACHE_TTL="${PROFILE_CACHE_TTL:-30m}" + ports: + - "${BACKEND_PORT:-3000}:3000" + depends_on: + infra_check: + condition: service_started + networks: + - baron_net + - ory-net + healthcheck: + test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/health"] + interval: 10s + timeout: 5s + retries: 10 + start_period: 60s adminfront: image: ${ADMINFRONT_IMAGE_NAME}:${IMAGE_TAG} From 561ae56cbb358a83b9ce5afe6083d78b1366690b Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 13:52:05 +0900 Subject: [PATCH 07/22] =?UTF-8?q?depends=5Fon=20=EC=A1=B0=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/docker-compose.staging.template.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docker/docker-compose.staging.template.yaml b/docker/docker-compose.staging.template.yaml index dc9f8048..1416f761 100644 --- a/docker/docker-compose.staging.template.yaml +++ b/docker/docker-compose.staging.template.yaml @@ -31,12 +31,14 @@ services: - HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}" # [추가] Oathkeeper URL 명시 (DNS 문제 해결) - - OATHKEEPER_API_URL=${OATHKEEPER_API_URL:-http://ory_oathkeeper:4456} - + #- OATHKEEPER_API_URL=${OATHKEEPER_API_URL:-http://ory_oathkeeper:4456} + - OATHKEEPER_API_URL=http://ory_oathkeeper:4456 - PROFILE_CACHE_TTL="${PROFILE_CACHE_TTL:-30m}" ports: - "${BACKEND_PORT:-3000}:3000" depends_on: + ory_oathkeeper: + condition: service_healthy infra_check: condition: service_started networks: From 880287088fdce76625f0434c914b5319ace3851c Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 13:56:48 +0900 Subject: [PATCH 08/22] =?UTF-8?q?oathkeeper=20=EC=9D=B4=EB=A6=84=20?= =?UTF-8?q?=ED=86=B5=EC=9D=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/compose.ory.yaml | 2 +- docker/docker-compose.staging.template.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/compose.ory.yaml b/docker/compose.ory.yaml index f5f71a25..3b89401d 100644 --- a/docker/compose.ory.yaml +++ b/docker/compose.ory.yaml @@ -91,7 +91,7 @@ services: # [수정됨] Oathkeeper 서비스 추가 (Backend 연결 문제 해결) oathkeeper: image: oryd/oathkeeper:${OATHKEEPER_VERSION:-v0.40.6} - container_name: ory_oathkeeper + container_name: oathkeeper restart: unless-stopped depends_on: kratos: diff --git a/docker/docker-compose.staging.template.yaml b/docker/docker-compose.staging.template.yaml index 1416f761..af74ecd5 100644 --- a/docker/docker-compose.staging.template.yaml +++ b/docker/docker-compose.staging.template.yaml @@ -37,7 +37,7 @@ services: ports: - "${BACKEND_PORT:-3000}:3000" depends_on: - ory_oathkeeper: + oathkeeper: condition: service_healthy infra_check: condition: service_started From c7c4eb1b822c862fccf883a524ec2cdce7326eea Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 14:27:05 +0900 Subject: [PATCH 09/22] =?UTF-8?q?Oathkeeper=20=EB=AA=85=EC=8B=9C=EC=A0=81?= =?UTF-8?q?=20URL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging_release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index e13d5543..87197e90 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -73,7 +73,7 @@ jobs: USERFRONT_PORT=${{ vars.USERFRONT_PORT }} # [추가] Oathkeeper 명시적 URL (컨테이너 이름 사용) - OATHKEEPER_API_URL=http://ory_oathkeeper:4456 + OATHKEEPER_API_URL=http://oathkeeper:4456 DB_USER=${{ vars.DB_USER }} From c5f9445d67f8ac972f5aaf6c892c6190101eae79 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 14:27:28 +0900 Subject: [PATCH 10/22] nginx 5000 fix --- .gitea/workflows/build_RC.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.gitea/workflows/build_RC.yml b/.gitea/workflows/build_RC.yml index 15cb53df..c0709781 100644 --- a/.gitea/workflows/build_RC.yml +++ b/.gitea/workflows/build_RC.yml @@ -106,11 +106,6 @@ jobs: provenance: false sbom: false - - name: Temporarily update userfront nginx port - run: | - sed -i 's/listen 5000;/listen 80;/g' userfront/nginx.conf - sed -i 's/proxy_pass http:\/\/baron_backend:3000;/proxy_pass http:\/\/baron_backend:3010;/g' userfront/nginx.conf - - name: Build and push userfront RC image uses: docker/build-push-action@v5 with: From 0e88bc3986cfb1dbe417ef94c74bef550f72a777 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 14:32:21 +0900 Subject: [PATCH 11/22] =?UTF-8?q?=EC=A4=91=EB=B3=B5=20=09"github.com/coreo?= =?UTF-8?q?s/go-oidc/v3/oidc"=20=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/internal/service/federation_service.go | 1 - 1 file changed, 1 deletion(-) diff --git a/backend/internal/service/federation_service.go b/backend/internal/service/federation_service.go index a32b5c09..8c1ca020 100644 --- a/backend/internal/service/federation_service.go +++ b/backend/internal/service/federation_service.go @@ -8,7 +8,6 @@ import ( "fmt" "time" - "github.com/coreos/go-oidc/v3/oidc" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) From 2ca612da7fab92618138bd9fb5f78f68f44bdfa4 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 14:32:52 +0900 Subject: [PATCH 12/22] =?UTF-8?q?oathkeeper=20url=20r=EA=B3=A0=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/docker-compose.staging.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/docker-compose.staging.template.yaml b/docker/docker-compose.staging.template.yaml index af74ecd5..a85f5b30 100644 --- a/docker/docker-compose.staging.template.yaml +++ b/docker/docker-compose.staging.template.yaml @@ -32,7 +32,7 @@ services: # [추가] Oathkeeper URL 명시 (DNS 문제 해결) #- OATHKEEPER_API_URL=${OATHKEEPER_API_URL:-http://ory_oathkeeper:4456} - - OATHKEEPER_API_URL=http://ory_oathkeeper:4456 + - OATHKEEPER_API_URL=http://oathkeeper:4456 - PROFILE_CACHE_TTL="${PROFILE_CACHE_TTL:-30m}" ports: - "${BACKEND_PORT:-3000}:3000" From 440785dfe894502e40954cfd308a61bab27b3ac2 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 16:58:36 +0900 Subject: [PATCH 13/22] =?UTF-8?q?=ED=99=98=EA=B2=BD=EB=B3=80=EC=88=98=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging_release.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index 87197e90..1dcf47bd 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -54,7 +54,7 @@ jobs: # .env 파일 생성 cat <<'EOF' > .env - APP_ENV=stage + APP_ENV=${{ vars.APP_ENV }} TZ=Asia/Seoul IDP_PROVIDER=ory @@ -72,9 +72,7 @@ jobs: DEVFRONT_PORT=${{ vars.DEVFRONT_PORT }} USERFRONT_PORT=${{ vars.USERFRONT_PORT }} - # [추가] Oathkeeper 명시적 URL (컨테이너 이름 사용) - OATHKEEPER_API_URL=http://oathkeeper:4456 - + OATHKEEPER_API_URL={{ vars.OATHKEEPER_API_URL }} DB_USER=${{ vars.DB_USER }} DB_PASSWORD=${{ secrets.STG_DB_PASSWORD }} @@ -85,7 +83,7 @@ jobs: CORS_ALLOWED_ORIGINS=${{ vars.CORS_ALLOWED_ORIGINS }} AUDIT_WORKER_COUNT=5 AUDIT_QUEUE_SIZE=2000 - PROFILE_CACHE_TTL=${{ vars.PROFILE_CACHE_TTL }} + PROFILE_CACHE_TTL=30m DESCOPE_PROJECT_ID=${{ vars.DESCOPE_PROJECT_ID }} DESCOPE_MANAGEMENT_KEY=${{ secrets.DESCOPE_MANAGEMENT_KEY }} DESCOPE_TEST_ACCOUNT=${{ vars.DESCOPE_TEST_ACCOUNT }} @@ -130,8 +128,8 @@ jobs: OATHKEEPER_HEALTH_ENABLED=${{ vars.OATHKEEPER_HEALTH_ENABLED }} CSRF_COOKIE_NAME=${{ vars.CSRF_COOKIE_NAME }} CSRF_COOKIE_SECRET=${{ secrets.STG_CSRF_COOKIE_SECRET }} - OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }} - OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }} + # OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }} + # OATHKEEPER_INTROSPECT_CLIENT_SECRET=${{ secrets.STG_OATHKEEPER_INTROSPECT_CLIENT_SECRET }} EOF # 파일 복사 From c5dc531f1be3ba53b3f38f2cc94ee4bd28503a81 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 17:26:31 +0900 Subject: [PATCH 14/22] =?UTF-8?q?=EC=95=88=EC=93=B0=EB=8A=94=20=EB=B3=80?= =?UTF-8?q?=EC=88=98=20=EB=B9=84=ED=99=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/docker-compose.staging.template.yaml | 25 ++++++++++----------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/docker/docker-compose.staging.template.yaml b/docker/docker-compose.staging.template.yaml index a85f5b30..bb3df861 100644 --- a/docker/docker-compose.staging.template.yaml +++ b/docker/docker-compose.staging.template.yaml @@ -8,27 +8,26 @@ services: env_file: - .env environment: - - APP_ENV=stage - - GO_ENV=stage - - COOKIE_SECRET="${COOKIE_SECRET}" - + + # - COOKIE_SECRET="${COOKIE_SECRET}" + # [수정] Infra Compose의 컨테이너 이름과 일치 - DB_HOST=baron_postgres - - CLICKHOUSE_HOST=baron_clickhouse + # - CLICKHOUSE_HOST=baron_clickhouse # [수정] 포트 변수 확실하게 매핑 (기본값 9000) - - CLICKHOUSE_PORT=${CLICKHOUSE_PORT_NATIVE:-9000} - - CLICKHOUSE_USER="${CLICKHOUSE_USER:-baron}" - - CLICKHOUSE_PASSWORD="${CLICKHOUSE_PASSWORD:-password}" + # - CLICKHOUSE_PORT=${CLICKHOUSE_PORT_NATIVE:-9000} + # - CLICKHOUSE_USER="${CLICKHOUSE_USER:-baron}" + # - CLICKHOUSE_PASSWORD="${CLICKHOUSE_PASSWORD:-password}" - - USERFRONT_URL="${USERFRONT_URL:-https://sso.hmac.kr}" - - REDIS_ADDR="${REDIS_ADDR:-baron_redis:6389}" + # - USERFRONT_URL="${USERFRONT_URL:-https://sso.hmac.kr}" + # - REDIS_ADDR="${REDIS_ADDR:-baron_redis:6389}" - IDP_PROVIDER=ory # Ory Service URLs - - KRATOS_ADMIN_URL="${KRATOS_ADMIN_URL:-http://ory_kratos:4434}" - - HYDRA_ADMIN_URL="${HYDRA_ADMIN_URL:-http://ory_hydra:4445}" - - HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}" + # - KRATOS_ADMIN_URL="${KRATOS_ADMIN_URL:-http://ory_kratos:4434}" + # - HYDRA_ADMIN_URL="${HYDRA_ADMIN_URL:-http://ory_hydra:4445}" + # - HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}" # [추가] Oathkeeper URL 명시 (DNS 문제 해결) #- OATHKEEPER_API_URL=${OATHKEEPER_API_URL:-http://ory_oathkeeper:4456} From abba85af7588ff05f297093fc57559a94e08ef38 Mon Sep 17 00:00:00 2001 From: chan Date: Mon, 9 Feb 2026 17:40:51 +0900 Subject: [PATCH 15/22] =?UTF-8?q?""=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/compose.ory.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/compose.ory.yaml b/docker/compose.ory.yaml index 3b89401d..7b58b802 100644 --- a/docker/compose.ory.yaml +++ b/docker/compose.ory.yaml @@ -74,10 +74,10 @@ services: container_name: ory_hydra environment: - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20 - - URLS_SELF_ISSUER="${USERFRONT_URL:-http://localhost:5000}/oidc" - - URLS_LOGIN="${USERFRONT_URL:-http://localhost:5000}/login" - - URLS_CONSENT="${USERFRONT_URL:-http://localhost:5000}/consent" - - SECRETS_SYSTEM="${ORY_POSTGRES_PASSWORD}" + - URLS_SELF_ISSUER=${USERFRONT_URL:-http://localhost:5000}/oidc + - URLS_LOGIN=${USERFRONT_URL:-http://localhost:5000}/login + - URLS_CONSENT=${USERFRONT_URL:-http://localhost:5000}/consent + - SECRETS_SYSTEM=${ORY_POSTGRES_PASSWORD} volumes: - ./docker/ory/hydra:/etc/config/hydra command: serve -c /etc/config/hydra/hydra.yml all --dev From 27248cfa5392ff1fe293f6821103aa7dd8422ee3 Mon Sep 17 00:00:00 2001 From: chan Date: Tue, 10 Feb 2026 09:34:41 +0900 Subject: [PATCH 16/22] =?UTF-8?q?$=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/docker-compose.staging.template.yaml | 28 +++------------------ 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/docker/docker-compose.staging.template.yaml b/docker/docker-compose.staging.template.yaml index bb3df861..e23578c5 100644 --- a/docker/docker-compose.staging.template.yaml +++ b/docker/docker-compose.staging.template.yaml @@ -8,29 +8,8 @@ services: env_file: - .env environment: - - # - COOKIE_SECRET="${COOKIE_SECRET}" - - # [수정] Infra Compose의 컨테이너 이름과 일치 - DB_HOST=baron_postgres - # - CLICKHOUSE_HOST=baron_clickhouse - - # [수정] 포트 변수 확실하게 매핑 (기본값 9000) - # - CLICKHOUSE_PORT=${CLICKHOUSE_PORT_NATIVE:-9000} - # - CLICKHOUSE_USER="${CLICKHOUSE_USER:-baron}" - # - CLICKHOUSE_PASSWORD="${CLICKHOUSE_PASSWORD:-password}" - - # - USERFRONT_URL="${USERFRONT_URL:-https://sso.hmac.kr}" - # - REDIS_ADDR="${REDIS_ADDR:-baron_redis:6389}" - IDP_PROVIDER=ory - - # Ory Service URLs - # - KRATOS_ADMIN_URL="${KRATOS_ADMIN_URL:-http://ory_kratos:4434}" - # - HYDRA_ADMIN_URL="${HYDRA_ADMIN_URL:-http://ory_hydra:4445}" - # - HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}" - - # [추가] Oathkeeper URL 명시 (DNS 문제 해결) - #- OATHKEEPER_API_URL=${OATHKEEPER_API_URL:-http://ory_oathkeeper:4456} - OATHKEEPER_API_URL=http://oathkeeper:4456 - PROFILE_CACHE_TTL="${PROFILE_CACHE_TTL:-30m}" ports: @@ -96,12 +75,11 @@ services: condition: service_healthy command: > /bin/sh -c "mkdir -p /usr/share/nginx/html/assets && - echo \"BACKEND_URL=$${BACKEND_URL}\" >> /usr/share/nginx/html/assets/.env && - echo \"USERFRONT_URL=$${USERFRONT_URL}\" >> /usr/share/nginx/html/assets/.env && + echo \"BACKEND_URL=${BACKEND_URL}\" >> /usr/share/nginx/html/assets/.env && + echo \"USERFRONT_URL=${USERFRONT_URL}\" >> /usr/share/nginx/html/assets/.env && echo \"APP_ENV=stage\" >> /usr/share/nginx/html/assets/.env && cp /usr/share/nginx/html/assets/.env /usr/share/nginx/html/.env && nginx -g 'daemon off;'" - # [수정됨] Userfront도 넉넉하게 설정 healthcheck: test: ["CMD", "wget", "-qO-", "http://127.0.0.1:5000/"] interval: 10s @@ -124,4 +102,4 @@ networks: name: ory-net public_net: external: true - name: public_net \ No newline at end of file + name: public_net From 93f6182ccefabe06a373822fd0144dd1b4433f9b Mon Sep 17 00:00:00 2001 From: chan Date: Tue, 10 Feb 2026 09:56:28 +0900 Subject: [PATCH 17/22] =?UTF-8?q?$=EB=B9=A0=EC=A7=84=EA=B1=B0=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging_release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index 1dcf47bd..d0bc5a54 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -72,7 +72,7 @@ jobs: DEVFRONT_PORT=${{ vars.DEVFRONT_PORT }} USERFRONT_PORT=${{ vars.USERFRONT_PORT }} - OATHKEEPER_API_URL={{ vars.OATHKEEPER_API_URL }} + OATHKEEPER_API_URL=${{ vars.OATHKEEPER_API_URL }} DB_USER=${{ vars.DB_USER }} DB_PASSWORD=${{ secrets.STG_DB_PASSWORD }} From 0d3aac0a588ca79c124f5e697347b29b3e172906 Mon Sep 17 00:00:00 2001 From: chan Date: Tue, 10 Feb 2026 09:56:48 +0900 Subject: [PATCH 18/22] =?UTF-8?q?$=EA=B8=B0=ED=98=B8=20=20=20=20=20?= =?UTF-8?q?=EC=A0=95=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- userfront/lib/core/services/auth_proxy_service.dart | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/userfront/lib/core/services/auth_proxy_service.dart b/userfront/lib/core/services/auth_proxy_service.dart index d5178f06..8d0f5958 100644 --- a/userfront/lib/core/services/auth_proxy_service.dart +++ b/userfront/lib/core/services/auth_proxy_service.dart @@ -13,7 +13,11 @@ class AuthProxyService { return dotenv.env[key] ?? fallback; } - static String get _baseUrl => _envOrDefault('BACKEND_URL', 'https://sso.hmac.kr'); + static String get _baseUrl { + final rawUrl = _envOrDefault('BACKEND_URL', 'https://sso.hmac.kr'); + // 배포 환경에서 $ 기호나 공백이 섞여 들어오는 경우를 방지하기 위해 정제합니다. + return rawUrl.replaceAll('$', '').trim().replaceAll(RegExp(r'/$'), ''); + } static bool get _isProd { final env = _envOrDefault('APP_ENV', 'dev').toLowerCase(); return env == 'prod' || env == 'production'; From f0cd60bf56d32723d798c5550b8b419b3804cb1a Mon Sep 17 00:00:00 2001 From: chan Date: Tue, 10 Feb 2026 10:03:39 +0900 Subject: [PATCH 19/22] =?UTF-8?q?=EB=AC=B8=EB=B2=95=20=EC=98=A4=EB=A5=98?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- userfront/lib/core/services/auth_proxy_service.dart | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/userfront/lib/core/services/auth_proxy_service.dart b/userfront/lib/core/services/auth_proxy_service.dart index 8d0f5958..50658953 100644 --- a/userfront/lib/core/services/auth_proxy_service.dart +++ b/userfront/lib/core/services/auth_proxy_service.dart @@ -16,7 +16,7 @@ class AuthProxyService { static String get _baseUrl { final rawUrl = _envOrDefault('BACKEND_URL', 'https://sso.hmac.kr'); // 배포 환경에서 $ 기호나 공백이 섞여 들어오는 경우를 방지하기 위해 정제합니다. - return rawUrl.replaceAll('$', '').trim().replaceAll(RegExp(r'/$'), ''); + return rawUrl.replaceAll(r'$', '').trim().replaceAll(RegExp(r'/$'), ''); } static bool get _isProd { final env = _envOrDefault('APP_ENV', 'dev').toLowerCase(); From a1ece93a5c7bc798ff7332568a986953a378c7de Mon Sep 17 00:00:00 2001 From: chan Date: Tue, 10 Feb 2026 10:17:46 +0900 Subject: [PATCH 20/22] =?UTF-8?q?REDIS=5FADDR=20=EB=AC=B8=EB=B2=95=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging_release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index d0bc5a54..8edb40f6 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -79,7 +79,7 @@ jobs: DB_NAME=${{ vars.DB_NAME }} COOKIE_SECRET=${{ secrets.STG_COOKIE_SECRET }} JWT_SECRET=${{ secrets.STG_JWT_SECRET }} - REDIS_ADDR=$(echo "${{ vars.REDIS_ADDR }}" | tr -d '"') + REDIS_ADDR=${{ vars.REDIS_ADDR }} CORS_ALLOWED_ORIGINS=${{ vars.CORS_ALLOWED_ORIGINS }} AUDIT_WORKER_COUNT=5 AUDIT_QUEUE_SIZE=2000 From b3371f48bbc3774b185e4cb25606850adb7fb44d Mon Sep 17 00:00:00 2001 From: chan Date: Tue, 10 Feb 2026 10:30:44 +0900 Subject: [PATCH 21/22] CLICKHOUSE_HOST add --- .gitea/workflows/staging_release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index 8edb40f6..17d0c910 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -62,7 +62,7 @@ jobs: DB_PORT=${{ vars.DB_PORT }} CLICKHOUSE_PORT_HTTP=${{ vars.CLICKHOUSE_PORT_HTTP }} CLICKHOUSE_PORT_NATIVE=${{ vars.CLICKHOUSE_PORT_NATIVE }} - CLICKHOUSE_HOST=baron_clickhouse + CLICKHOUSE_HOST=${{ vars.CLICKHOUSE_HOST }} CLICKHOUSE_USER=${{ vars.CLICKHOUSE_USER }} CLICKHOUSE_PASSWORD=${{ vars.CLICKHOUSE_PASSWORD }} @@ -79,7 +79,7 @@ jobs: DB_NAME=${{ vars.DB_NAME }} COOKIE_SECRET=${{ secrets.STG_COOKIE_SECRET }} JWT_SECRET=${{ secrets.STG_JWT_SECRET }} - REDIS_ADDR=${{ vars.REDIS_ADDR }} +1 REDIS_ADDR=${{ vars.REDIS_ADDR }} CORS_ALLOWED_ORIGINS=${{ vars.CORS_ALLOWED_ORIGINS }} AUDIT_WORKER_COUNT=5 AUDIT_QUEUE_SIZE=2000 From 3a05ba94e015797a8b8e6d955fcdc21bd9b0ee37 Mon Sep 17 00:00:00 2001 From: chan Date: Tue, 10 Feb 2026 10:32:07 +0900 Subject: [PATCH 22/22] 1 del --- .gitea/workflows/staging_release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml index 17d0c910..b159d96b 100644 --- a/.gitea/workflows/staging_release.yml +++ b/.gitea/workflows/staging_release.yml @@ -79,7 +79,7 @@ jobs: DB_NAME=${{ vars.DB_NAME }} COOKIE_SECRET=${{ secrets.STG_COOKIE_SECRET }} JWT_SECRET=${{ secrets.STG_JWT_SECRET }} -1 REDIS_ADDR=${{ vars.REDIS_ADDR }} + REDIS_ADDR=${{ vars.REDIS_ADDR }} CORS_ALLOWED_ORIGINS=${{ vars.CORS_ALLOWED_ORIGINS }} AUDIT_WORKER_COUNT=5 AUDIT_QUEUE_SIZE=2000