배포 시 세션 유실 방지를 위한 워크플로우 및 RP 초기화 로직 개선

.gitea/workflows/staging_code_pull.yml

@@ -87,8 +87,8 @@ jobs:
                   ADMIN_EMAIL=${{ vars.ADMIN_EMAIL }}
                   ADMIN_PASSWORD=${{ secrets.STG_ADMIN_PASSWORD }}
                   USERFRONT_URL=${{ vars.USERFRONT_URL }}
-                  ADMINFRONT_URL=${{ vars.DEVFRONT_URL }}
-                  DEVFRONT_URL=${{ vars.ADMINFRONT_URL }}
+                  ADMINFRONT_URL=${{ vars.ADMINFRONT_URL }}
+                  DEVFRONT_URL=${{ vars.DEVFRONT_URL }}
                   BACKEND_URL=${{ vars.BACKEND_URL }}
                   OATHKEEPER_PUBLIC_URL=${{ vars.OATHKEEPER_PUBLIC_URL }}
                   ORY_POSTGRES_TAG=${{ vars.ORY_POSTGRES_TAG }}
@@ -163,14 +163,11 @@ jobs:
 
                   docker compose -f staging_pull_compose.yaml pull
 
-                  # [주의] DB 초기화 스크립트는 '새로운 볼륨'에서만 실행됨.
-                  docker compose -f staging_pull_compose.yaml down || true
-
                   # 코드 변경 반영을 위해 build 수행 (userfront nginx.conf 등)
                   docker compose -f staging_pull_compose.yaml build --pull
 
                   docker compose -f staging_pull_compose.yaml up -d --remove-orphans
-                  docker compose -f staging_pull_compose.yaml up -d --force-recreate init-rp
+                  docker compose -f staging_pull_compose.yaml up -d init-rp
 
                   # 배포 후 상태 확인 (실패 시 로그 출력을 위함)
                   sleep 10

docker/staging_pull_compose.template.yaml

@@ -275,13 +275,20 @@ services:
         tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra
         rm /tmp/hydra.tar.gz
 
-        hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true
-        hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true
-        hydra delete oauth2-client --endpoint http://hydra:4445 $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} >/dev/null 2>&1 || true
+        # Function to create or update OAuth2 client (Idempotency)
+        upsert_client() {
+          ID=$1
+          shift
+          if hydra get oauth2-client --endpoint http://hydra:4445 "$ID" >/dev/null 2>&1; then
+            echo "Updating existing client: $ID"
+            hydra update oauth2-client --endpoint http://hydra:4445 "$ID" "$@"
+          else
+            echo "Creating new client: $ID"
+            hydra create oauth2-client --endpoint http://hydra:4445 --id "$ID" "$@"
+          fi
+        }
 
-        hydra create oauth2-client \
-          --endpoint http://hydra:4445 \
-          --id adminfront \
+        upsert_client "adminfront" \
           --name "AdminFront" \
           --grant-type authorization_code,refresh_token \
           --response-type code \
@@ -289,9 +296,7 @@ services:
           --token-endpoint-auth-method none \
           --redirect-uri "$${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}"
 
-        hydra create oauth2-client \
-          --endpoint http://hydra:4445 \
-          --id devfront \
+        upsert_client "devfront" \
           --name "DevFront" \
           --grant-type authorization_code,refresh_token \
           --response-type code \
@@ -299,9 +304,7 @@ services:
           --token-endpoint-auth-method none \
           --redirect-uri "$${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback}"
 
-        hydra create oauth2-client \
-          --endpoint http://hydra:4445 \
-          --id "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \
+        upsert_client "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \
           --secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}" \
           --grant-type client_credentials \
           --response-type token \