diff --git a/.gitea/workflows/staging_code_pull.yml b/.gitea/workflows/staging_code_pull.yml index fc015f17..5ab178b0 100644 --- a/.gitea/workflows/staging_code_pull.yml +++ b/.gitea/workflows/staging_code_pull.yml @@ -87,8 +87,8 @@ jobs: ADMIN_EMAIL=${{ vars.ADMIN_EMAIL }} ADMIN_PASSWORD=${{ secrets.STG_ADMIN_PASSWORD }} USERFRONT_URL=${{ vars.USERFRONT_URL }} - ADMINFRONT_URL=${{ vars.DEVFRONT_URL }} - DEVFRONT_URL=${{ vars.ADMINFRONT_URL }} + ADMINFRONT_URL=${{ vars.ADMINFRONT_URL }} + DEVFRONT_URL=${{ vars.DEVFRONT_URL }} BACKEND_URL=${{ vars.BACKEND_URL }} OATHKEEPER_PUBLIC_URL=${{ vars.OATHKEEPER_PUBLIC_URL }} ORY_POSTGRES_TAG=${{ vars.ORY_POSTGRES_TAG }} @@ -163,14 +163,11 @@ jobs: docker compose -f staging_pull_compose.yaml pull - # [주의] DB 초기화 스크립트는 '새로운 볼륨'에서만 실행됨. - docker compose -f staging_pull_compose.yaml down || true - # 코드 변경 반영을 위해 build 수행 (userfront nginx.conf 등) docker compose -f staging_pull_compose.yaml build --pull docker compose -f staging_pull_compose.yaml up -d --remove-orphans - docker compose -f staging_pull_compose.yaml up -d --force-recreate init-rp + docker compose -f staging_pull_compose.yaml up -d init-rp # 배포 후 상태 확인 (실패 시 로그 출력을 위함) sleep 10 diff --git a/docker/staging_pull_compose.template.yaml b/docker/staging_pull_compose.template.yaml index 0430cab4..8172ea8f 100644 --- a/docker/staging_pull_compose.template.yaml +++ b/docker/staging_pull_compose.template.yaml 
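Review bot: In the `@@ -163` hunk, `up -d init-rp` starts the client-registration container detached, so this step never sees its exit status. A failed `hydra update` or `hydra create` would leave Hydra holding the previous client settings while the deploy reports success. With `--force-recreate` gone, it is also worth confirming that Compose re-runs the already-exited init-rp container when its configuration is unchanged. I would follow the line with a wait that propagates the exit code, for example `docker compose -f staging_pull_compose.yaml wait init-rp` where the installed Compose supports `wait`. The status check after `sleep 10` continues outside this hunk, so it may already cover this; if it does, a comment saying so would help.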
@@ -275,13 +275,20 @@ services:
 tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra
 rm /tmp/hydra.tar.gz
- hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true
- hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true
- hydra delete oauth2-client --endpoint http://hydra:4445 $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} >/dev/null 2>&1 || true
+ # Function to create or update OAuth2 client (Idempotency)
+ upsert_client() {
+ ID=$1
+ shift
+ if hydra get oauth2-client --endpoint http://hydra:4445 "$ID" >/dev/null 2>&1; then
+ echo "Updating existing client: $ID"
+ hydra update oauth2-client --endpoint http://hydra:4445 "$ID" "$@"
+ else
+ echo "Creating new client: $ID"
+ hydra create oauth2-client --endpoint http://hydra:4445 --id "$ID" "$@"
+ fi
+ }
- hydra create oauth2-client \
- --endpoint http://hydra:4445 \
- --id adminfront \
+ upsert_client "adminfront" \
 --name "AdminFront" \
 --grant-type authorization_code,refresh_token \
 --response-type code \
@@ -289,9 +296,7 @@ services:
 --token-endpoint-auth-method none \
 --redirect-uri "$${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}"
- hydra create oauth2-client \
- --endpoint http://hydra:4445 \
- --id devfront \
+ upsert_client "devfront" \
 --name "DevFront" \
 --grant-type authorization_code,refresh_token \
 --response-type code \
@@ -299,9 +304,7 @@ services:
 --token-endpoint-auth-method none \
 --redirect-uri "$${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback}"
- hydra create oauth2-client \
- --endpoint http://hydra:4445 \
- --id "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \
+ upsert_client "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \
 --secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}" \
 --grant-type client_credentials \
 --response-type token \
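Review bot: The new `upsert_client` body in the `@@ -275` hunk uses a single `$` (`ID=$1`, `"$ID"`, `"$@"`), while the surrounding lines of the same script escape shell variables as `$${...}`. If this script goes through Compose interpolation, as that escaping suggests, Compose would expand or reject these before the shell runs, and an empty ID would send every call down the create path with no stable client id. I would write `ID=$$1`, `"$$ID"` and `"$$@"` throughout the function. The function comment could also state that `hydra update oauth2-client` replaces the whole client, so each call must pass the complete flag set; dropping `2>&1` from the `hydra get` test would keep an unreachable admin endpoint visible in the logs rather than reading as "client not found". The calls in the `@@ -289` and `@@ -299` hunks depend on the same function.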
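Review bot: In the `@@ -299` hunk, the `--secret` argument passed to `upsert_client` still falls back to the literal `oathkeeper-secret` when `OATHKEEPER_INTROSPECT_CLIENT_SECRET` is unset. A deploy with the variable missing therefore creates or resets the introspection client with a secret that is readable in the repository, and the `Updating existing client` log line gives no hint that this happened. Failing closed is safer: `--secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:?OATHKEEPER_INTROSPECT_CLIENT_SECRET must be set}" \`. The remaining arguments of this call continue outside the hunk.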