production 푸시 초안

deploy/create-instance.sh

@@ -1,7 +1,8 @@
 #!/bin/bash
+set -euo pipefail
 
 # =================================================================
-# Baron SSO 인스턴스 자동 생성 스크립트 (Full Infrastructure)
+# Baron SSO 인스턴스 자동 생성 스크립트 (전체 인프라 포함)
 # =================================================================
 
 if [ "$#" -ne 2 ]; then
@@ -12,7 +13,8 @@ fi
 INSTANCE_NAME=$1
 PORT_PREFIX=$2
 BASE_DIR=$(cd $(dirname $0); pwd)
-TARGET_DIR="${BASE_DIR}/../instances/${INSTANCE_NAME}"
+REPO_ROOT=$(cd "${BASE_DIR}/.." && pwd)
+TARGET_DIR="${TARGET_DIR:-${BASE_DIR}/../instances/${INSTANCE_NAME}}"
 
 echo "🚀 Creating instance: ${INSTANCE_NAME} (Port Prefix: ${PORT_PREFIX}xxx)"
 
@@ -32,6 +34,22 @@ mkdir -p "${TARGET_DIR}/orgfront"
 # 2. .env 생성 및 변수 로드
 sed "s/{{INSTANCE_NAME}}/${INSTANCE_NAME}/g; s/{{PORT_PREFIX}}/${PORT_PREFIX}/g" \
     "${BASE_DIR}/templates/.env.template" > "${TARGET_DIR}/.env"
+SOURCE_ROOT_ESCAPED=$(printf '%s\n' "$REPO_ROOT" | sed 's/[\/&]/\\&/g')
+sed -i "s/^SOURCE_ROOT=.*/SOURCE_ROOT=${SOURCE_ROOT_ESCAPED}/" "${TARGET_DIR}/.env"
+
+# 생성된 compose 파일을 실행하기 전에 Traefik public network가 있어야 합니다.
+TRAEFIK_PUBLIC_NETWORK=$(grep "^TRAEFIK_PUBLIC_NETWORK=" "${TARGET_DIR}/.env" | cut -d'=' -f2 | tr -d '\r')
+TRAEFIK_PUBLIC_NETWORK=${TRAEFIK_PUBLIC_NETWORK:-traefik-public}
+if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
+    if ! docker network inspect "$TRAEFIK_PUBLIC_NETWORK" >/dev/null 2>&1; then
+        echo "Creating Docker network ${TRAEFIK_PUBLIC_NETWORK}..."
+        docker network create "$TRAEFIK_PUBLIC_NETWORK"
+    else
+        echo "Docker network ${TRAEFIK_PUBLIC_NETWORK} already exists."
+    fi
+else
+    echo "⚠️  docker command is unavailable or not accessible; skipping Traefik public network check."
+fi
 
 # 포트 계산 (단순 치환)
 BACKEND_PORT="${PORT_PREFIX}000"
@@ -44,21 +62,21 @@ ORGFRONT_DOMAIN="${INSTANCE_NAME}-org.${DOMAIN_SUFFIX}"
 # 3. Docker Compose & Config 복사 및 치환
 cp "${BASE_DIR}/templates/docker-compose.yaml" "${TARGET_DIR}/"
 
-# Gateway & UserFront Nginx
+# Gateway 및 UserFront Nginx
 sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" "${BASE_DIR}/templates/gateway/nginx.conf" > "${TARGET_DIR}/gateway/nginx.conf"
 sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" "${BASE_DIR}/templates/userfront/nginx.conf" > "${TARGET_DIR}/userfront/nginx.conf"
 
-# Oathkeeper Rules template
+# Oathkeeper 규칙 템플릿
 sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" "${BASE_DIR}/templates/ory/oathkeeper/rules.json" > "${TARGET_DIR}/ory/templates/oathkeeper/rules.json"
 cp "${TARGET_DIR}/ory/templates/oathkeeper/rules.json" "${TARGET_DIR}/ory/templates/oathkeeper/rules.stage.json"
 cp "${TARGET_DIR}/ory/templates/oathkeeper/rules.json" "${TARGET_DIR}/ory/templates/oathkeeper/rules.prod.json"
 cp "${TARGET_DIR}/ory/templates/oathkeeper/rules.json" "${TARGET_DIR}/ory/templates/oathkeeper/rules.active.json"
 
-# Kratos Config template
+# Kratos 설정 템플릿
 sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g; s/{{USERFRONT_PORT}}/${USERFRONT_PORT}/g" \
     "${BASE_DIR}/templates/ory/kratos/kratos.yml.template" > "${TARGET_DIR}/ory/templates/kratos/kratos.yml.template"
 
-# Vite Configs
+# Vite 설정
 sed "s/{{ADMINFRONT_DOMAIN}}/${ADMINFRONT_DOMAIN}/g; s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" \
     "${BASE_DIR}/templates/adminfront/vite.config.ts" > "${TARGET_DIR}/adminfront/vite.config.ts"
 sed "s/{{DEVFRONT_DOMAIN}}/${DEVFRONT_DOMAIN}/g; s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" \
@@ -88,7 +106,7 @@ ORY_CONFIG_OUTPUT_DIR="${TARGET_DIR}/config/.generated/ory" \
     bash "${BASE_DIR}/../scripts/render_ory_config.sh"
 
 # 6. 마무리
-chmod +x "${TARGET_DIR}/.env"
+chmod 600 "${TARGET_DIR}/.env"
 
 echo "--------------------------------------------------"
 echo "✅ Success! ALL files (Infra/Ory/Apps/FrontConfigs) are ready."