From d1c5ad8d334bf75249cb8f1f03ca5bbeaa842117 Mon Sep 17 00:00:00 2001 From: kyy Date: Tue, 24 Mar 2026 10:03:00 +0900 Subject: [PATCH] =?UTF-8?q?=EB=B0=B0=ED=8F=AC=20=EC=8B=9C=20=EC=84=B8?= =?UTF-8?q?=EC=85=98=20=EC=9C=A0=EC=8B=A4=20=EB=B0=A9=EC=A7=80=EB=A5=BC=20?= =?UTF-8?q?=EC=9C=84=ED=95=9C=20=EC=9B=8C=ED=81=AC=ED=94=8C=EB=A1=9C?= =?UTF-8?q?=EC=9A=B0=20=EB=B0=8F=20RP=20=EC=B4=88=EA=B8=B0=ED=99=94=20?= =?UTF-8?q?=EB=A1=9C=EC=A7=81=20=EA=B0=9C=EC=84=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging_code_pull.yml | 9 +++----- docker/staging_pull_compose.template.yaml | 27 +++++++++++++---------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.gitea/workflows/staging_code_pull.yml b/.gitea/workflows/staging_code_pull.yml index fc015f17..5ab178b0 100644 --- a/.gitea/workflows/staging_code_pull.yml +++ b/.gitea/workflows/staging_code_pull.yml @@ -87,8 +87,8 @@ jobs: ADMIN_EMAIL=${{ vars.ADMIN_EMAIL }} ADMIN_PASSWORD=${{ secrets.STG_ADMIN_PASSWORD }} USERFRONT_URL=${{ vars.USERFRONT_URL }} - ADMINFRONT_URL=${{ vars.DEVFRONT_URL }} - DEVFRONT_URL=${{ vars.ADMINFRONT_URL }} + ADMINFRONT_URL=${{ vars.ADMINFRONT_URL }} + DEVFRONT_URL=${{ vars.DEVFRONT_URL }} BACKEND_URL=${{ vars.BACKEND_URL }} OATHKEEPER_PUBLIC_URL=${{ vars.OATHKEEPER_PUBLIC_URL }} ORY_POSTGRES_TAG=${{ vars.ORY_POSTGRES_TAG }} @@ -163,14 +163,11 @@ jobs: docker compose -f staging_pull_compose.yaml pull - # [주의] DB 초기화 스크립트는 '새로운 볼륨'에서만 실행됨. - docker compose -f staging_pull_compose.yaml down || true - # 코드 변경 반영을 위해 build 수행 (userfront nginx.conf 등) docker compose -f staging_pull_compose.yaml build --pull docker compose -f staging_pull_compose.yaml up -d --remove-orphans - docker compose -f staging_pull_compose.yaml up -d --force-recreate init-rp + docker compose -f staging_pull_compose.yaml up -d init-rp # 배포 후 상태 확인 (실패 시 로그 출력을 위함) sleep 10 diff --git a/docker/staging_pull_compose.template.yaml b/docker/staging_pull_compose.template.yaml index 0430cab4..8172ea8f 100644 --- a/docker/staging_pull_compose.template.yaml +++ b/docker/staging_pull_compose.template.yaml @@ -275,13 +275,20 @@ services: tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra rm /tmp/hydra.tar.gz - hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true - hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true - hydra delete oauth2-client --endpoint http://hydra:4445 $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} >/dev/null 2>&1 || true + # Function to create or update OAuth2 client (Idempotency) + upsert_client() { + ID=$1 + shift + if hydra get oauth2-client --endpoint http://hydra:4445 "$ID" >/dev/null 2>&1; then + echo "Updating existing client: $ID" + hydra update oauth2-client --endpoint http://hydra:4445 "$ID" "$@" + else + echo "Creating new client: $ID" + hydra create oauth2-client --endpoint http://hydra:4445 --id "$ID" "$@" + fi + } - hydra create oauth2-client \ - --endpoint http://hydra:4445 \ - --id adminfront \ + upsert_client "adminfront" \ --name "AdminFront" \ --grant-type authorization_code,refresh_token \ --response-type code \ @@ -289,9 +296,7 @@ services: --token-endpoint-auth-method none \ --redirect-uri "$${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}" - hydra create oauth2-client \ - --endpoint http://hydra:4445 \ - --id devfront \ + upsert_client "devfront" \ --name "DevFront" \ --grant-type authorization_code,refresh_token \ --response-type code \ @@ -299,9 +304,7 @@ services: --token-endpoint-auth-method none \ --redirect-uri "$${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback}" - hydra create oauth2-client \ - --endpoint http://hydra:4445 \ - --id "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \ + upsert_client "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \ --secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}" \ --grant-type client_credentials \ --response-type token \