build 검증 워크플로우

.gitea/workflows/staging_build_check.yml

@@ -0,0 +1,83 @@
+name: Staging Build Check
+
+on:
+    pull_request:
+        paths:
+            - ".gitea/workflows/staging_build_check.yml"
+            - "docker/staging_pull_compose.template.yaml"
+            - "adminfront/**"
+            - "devfront/**"
+            - "userfront/**"
+            - "backend/**"
+            - "common/**"
+            - "scripts/**"
+            - "locales/**"
+            - "package.json"
+            - "pnpm-lock.yaml"
+            - "pnpm-workspace.yaml"
+    workflow_dispatch:
+
+jobs:
+    build-check:
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: false
+            matrix:
+                include:
+                    - service: adminfront
+                    - service: devfront
+                    - service: userfront
+                    - service: backend
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Prepare staging build inputs
+              run: |
+                  set -euo pipefail
+
+                  cat <<'EOF' > .env
+                  APP_ENV=stage
+                  TZ=Asia/Seoul
+                  IDP_PROVIDER=ory
+                  ADMINFRONT_URL=https://adminfront.staging.example.com
+                  DEVFRONT_URL=https://devfront.staging.example.com
+                  USERFRONT_URL=https://userfront.staging.example.com
+                  ORGFRONT_URL=https://orgfront.staging.example.com
+                  BACKEND_URL=https://backend.staging.example.com
+                  BACKEND_PUBLIC_URL=https://backend.staging.example.com
+                  VITE_OIDC_AUTHORITY=https://sso.staging.example.com/oidc
+                  WORKS_ADMIN_API_BASE_URL=https://works-admin.staging.example.com/api
+                  WORKS_ADMIN_OAUTH_TOKEN_URL=https://works-admin.staging.example.com/oauth/token
+                  ORY_POSTGRES_USER=ory
+                  ORY_POSTGRES_PASSWORD=ory-password
+                  COOKIE_SECRET=staging-build-cookie-secret
+                  JWT_SECRET=staging-build-jwt-secret
+                  NAVER_CLOUD_ACCESS_KEY=dummy
+                  NAVER_CLOUD_SECRET_KEY=dummy
+                  NAVER_CLOUD_SERVICE_ID=dummy
+                  NAVER_SENDER_PHONE_NUMBER=00000000000
+                  AWS_REGION=ap-northeast-2
+                  AWS_ACCESS_KEY_ID=dummy
+                  AWS_SECRET_ACCESS_KEY=dummy
+                  AWS_SES_SENDER=dummy@example.com
+                  REDIS_ADDR=redis:6389
+                  CLICKHOUSE_PORT_NATIVE=9000
+                  CLICKHOUSE_USER=baron
+                  CLICKHOUSE_PASSWORD=password
+                  HYDRA_PUBLIC_URL=https://hydra.staging.example.com
+                  KRATOS_BROWSER_URL=https://sso.staging.example.com
+                  KRATOS_ADMIN_URL=http://kratos:4434
+                  KRATOS_UI_URL=https://sso.staging.example.com
+                  EOF
+
+                  cp docker/staging_pull_compose.template.yaml staging_pull_compose.yaml
+
+            - name: Build ${{ matrix.service }} with staging compose
+              env:
+                  DOCKER_BUILDKIT: "1"
+                  COMPOSE_DOCKER_CLI_BUILD: "1"
+              run: |
+                  set -euo pipefail
+                  docker compose -f staging_pull_compose.yaml build --pull --progress=plain "${{ matrix.service }}"