From a87f1d2ce9f3fb024bbab298b65c385a355e2600 Mon Sep 17 00:00:00 2001
From: chan <b24028@hanmaceng.co.kr>
Date: Fri, 6 Feb 2026 15:53:36 +0900
Subject: [PATCH] =?UTF-8?q?=EC=8A=A4=ED=85=8C=EC=9D=B4=EC=A7=95=EC=9A=A9?=
 =?UTF-8?q?=20=EB=8F=84=EC=BB=A4=20=ED=85=9C=ED=94=8C=EB=A6=BF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/staging_release.yml        |   1 -
 docker/docker-compose.staging.template.yaml | 125 ++++++++++++++++++++
 2 files changed, 125 insertions(+), 1 deletion(-)
 create mode 100644 docker/docker-compose.staging.template.yaml

diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml
index f8511858..48c94d94 100644
--- a/.gitea/workflows/staging_release.yml
+++ b/.gitea/workflows/staging_release.yml
@@ -68,7 +68,6 @@ jobs:
             "DB_PASSWORD=${{ secrets.STG_DB_PASSWORD }}" \
             "DB_NAME=${{ vars.DB_NAME }}" \
             "COOKIE_SECRET=${{ secrets.STG_COOKIE_SECRET }}" \
-            "JWT_SECRET=${{ secrets.STG_JWT_SECRET }}" \
             "REDIS_ADDR=${{ vars.REDIS_ADDR }}" \
             "CORS_ALLOWED_ORIGINS=${{ vars.CORS_ALLOWED_ORIGINS }}" \
             "AUDIT_WORKER_COUNT=5" \
diff --git a/docker/docker-compose.staging.template.yaml b/docker/docker-compose.staging.template.yaml
new file mode 100644
index 00000000..d943d9e7
--- /dev/null
+++ b/docker/docker-compose.staging.template.yaml
@@ -0,0 +1,125 @@
+name: baron-sso-staging
+
+services:
+  backend:
+    image: ${BACKEND_IMAGE_NAME}:${IMAGE_TAG}
+    container_name: baron_backend
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      - APP_ENV=stage # 스테이징 환경 명시
+      - COOKIE_SECRET=${COOKIE_SECRET}
+      - DB_HOST=postgres
+      - CLICKHOUSE_HOST=clickhouse
+      - CLICKHOUSE_PORT=${CLICKHOUSE_PORT_NATIVE:-9000}
+      - CLICKHOUSE_USER=${CLICKHOUSE_USER:-baron}
+      - CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD:-password}
+      - USERFRONT_URL=${USERFRONT_URL:-http://sso.hmac.kr}
+      - REDIS_ADDR=${REDIS_ADDR:-redis:6389}
+      - IDP_PROVIDER=${IDP_PROVIDER:-ory}
+      - KRATOS_ADMIN_URL=${KRATOS_ADMIN_URL:-http://ory_kratos:4434}
+      - HYDRA_ADMIN_URL=${HYDRA_ADMIN_URL:-http://ory_hydra:4445}
+      - HYDRA_PUBLIC_URL=${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}
+      - PROFILE_CACHE_TTL=${PROFILE_CACHE_TTL:-30m}
+      - DESCOPE_PROJECT_ID=${DESCOPE_PROJECT_ID}
+      - DESCOPE_MANAGEMENT_KEY=${DESCOPE_MANAGEMENT_KEY}
+      - NAVER_CLOUD_ACCESS_KEY=${NAVER_CLOUD_ACCESS_KEY}
+      - NAVER_CLOUD_SECRET_KEY=${NAVER_CLOUD_SECRET_KEY}
+      - NAVER_CLOUD_SERVICE_ID=${NAVER_CLOUD_SERVICE_ID}
+      - NAVER_SENDER_PHONE_NUMBER=${NAVER_SENDER_PHONE_NUMBER}
+      - AWS_REGION=${AWS_REGION}
+      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
+      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+      - AWS_SES_SENDER=${AWS_SES_SENDER}
+    ports:
+      - "${BACKEND_PORT:-3000}:3000"
+    depends_on:
+      infra_check:
+        condition: service_healthy
+      ory_kratos: # Kratos SoT이므로 명시적 의존성 추가
+        condition: service_started
+      ory_hydra: # Hydra 의존성 추가
+        condition: service_started
+    healthcheck:
+      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+    networks:
+      - baron_net
+      - ory-net
+
+  adminfront:
+    image: ${ADMINFRONT_IMAGE_NAME}:${IMAGE_TAG}
+    container_name: baron_adminfront
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      - APP_ENV=stage
+      - API_PROXY_TARGET=http://baron_backend:${BACKEND_PORT:-3000}
+      - ADMIN_EMAIL=${ADMIN_EMAIL}
+      - ADMIN_PASSWORD=${ADMIN_PASSWORD}
+    ports:
+      - "${ADMINFRONT_PORT:-5173}:5173"
+    networks:
+      - baron_net
+    depends_on:
+      backend:
+        condition: service_healthy
+
+  devfront:
+    image: ${DEVFRONT_IMAGE_NAME}:${IMAGE_TAG}
+    container_name: baron_devfront
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      - APP_ENV=stage
+      - API_PROXY_TARGET=http://baron_backend:${BACKEND_PORT:-3000}
+    ports:
+      - "${DEVFRONT_PORT:-5174}:5173"
+    networks:
+      - baron_net
+    depends_on:
+      backend:
+        condition: service_healthy
+
+  userfront:
+    image: ${USERFRONT_IMAGE_NAME}:${IMAGE_TAG}
+    container_name: baron_userfront
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      - USERFRONT_URL=${USERFRONT_URL:-http://sso.hmac.kr}
+      - BACKEND_URL=${BACKEND_URL:-http://sso.hmac.kr/api}
+      - APP_ENV=stage
+      - OATHKEEPER_PUBLIC_URL=${OATHKEEPER_PUBLIC_URL:-http://sso.hmac.kr}
+      - KRATOS_BROWSER_URL=${KRATOS_BROWSER_URL:-http://sso.hmac.kr/auth}
+      - KRATOS_UI_URL=${KRATOS_UI_URL:-http://sso.hmac.kr}
+      - HYDRA_PUBLIC_URL=${HYDRA_PUBLIC_URL:-http://sso.hmac.kr/oidc}
+    ports:
+      - "${USERFRONT_PORT:-5000}:80"
+    depends_on:
+      backend:
+        condition: service_healthy
+    networks:
+      - baron_net
+      - ory-net
+
+  infra_check:
+    image: alpine
+    command: ["echo", "Infrastructure assumed running"]
+    networks:
+      - baron_net
+
+networks:
+  baron_net:
+    external: true
+    name: baron_net
+  ory-net:
+    external: true
+    name: ory-net
\ No newline at end of file