From 57702fc672b5b0062b25521b95279d3f56091451 Mon Sep 17 00:00:00 2001
From: chan
Date: Wed, 18 Mar 2026 17:05:19 +0900
Subject: [PATCH 1/2] fix: use non-distroless image for init-rp to allow shell execution
---
 docker/staging_pull_compose.template.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/staging_pull_compose.template.yaml b/docker/staging_pull_compose.template.yaml
index 91e1ced1..d3f60502 100644
--- a/docker/staging_pull_compose.template.yaml
+++ b/docker/staging_pull_compose.template.yaml
@@ -263,7 +263,7 @@ services:
 - ory-net
 init-rp:
- image: oryd/hydra:${HYDRA_VERSION:-v25.4.0}
+ image: oryd/hydra:v25.4.0
 env_file:
 - .env
 entrypoint: ["/bin/sh"]
From ff37ad918a79d0ed2437c15320905c5c9861fc92 Mon Sep 17 00:00:00 2001
From: chan
Date: Thu, 19 Mar 2026 09:22:35 +0900
Subject: [PATCH 2/2] fix: use alpine image and download hydra binary for init-rp to fix distroless shell issue
---
 docker/staging_pull_compose.template.yaml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/docker/staging_pull_compose.template.yaml b/docker/staging_pull_compose.template.yaml
index d3f60502..01c6b86f 100644
--- a/docker/staging_pull_compose.template.yaml
+++ b/docker/staging_pull_compose.template.yaml
@@ -263,13 +263,18 @@ services:
 - ory-net
 init-rp:
- image: oryd/hydra:v25.4.0
+ image: alpine:latest
 env_file:
 - .env
- entrypoint: ["/bin/sh"]
 command:
+ - /bin/sh
 - -ec
 - |
+ apk add --no-cache curl tar
+ curl -sLo /tmp/hydra.tar.gz https://github.com/ory/hydra/releases/download/v25.4.0/hydra_25.4.0-linux_64bit.tar.gz
+ tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra
+ rm /tmp/hydra.tar.gz
+
 hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true
 hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true
 hydra delete oauth2-client --endpoint http://hydra:4445 $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} >/dev/null 2>&1 || true
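Review bot: The `curl -sLo /tmp/hydra.tar.gz …` line added to the init-rp script in patch 2/2 fetches and installs the release tarball with no integrity check, and the resulting binary is then run against the Hydra admin endpoint (`http://hydra:4445`) to create OAuth2 clients and a client secret. I would make the download fail on HTTP errors and verify a pinned digest before extracting: `curl -fsSLo /tmp/hydra.tar.gz <same URL>` followed by `echo "<SHA256_OF_RELEASE_TARBALL>  /tmp/hydra.tar.gz" | sha256sum -c -` (placeholder; take the value from the checksum published with the release, if one is available). `image: alpine:latest` and the unpinned `apk add` also make every run depend on whatever the registry and package mirror serve at that moment, so pinning the base image to a version tag or digest would make the job reproducible. Building a small image with the binary baked in would remove the runtime downloads altogether. The `command:` script continues past the end of this hunk.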
@@ -281,7 +286,7 @@ services:
 --response-type code \
 --scope openid,offline_access,profile,email \
 --token-endpoint-auth-method none \
- --redirect-uri $${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}
+ --redirect-uri "$${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}"
 hydra create oauth2-client \
 --endpoint http://hydra:4445 \
@@ -290,12 +295,12 @@ services:
 --response-type code \
 --scope openid,offline_access,profile,email \
 --token-endpoint-auth-method none \
- --redirect-uri $${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback}
+ --redirect-uri "$${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback}"
 hydra create oauth2-client \
 --endpoint http://hydra:4445 \
- --id $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} \
- --secret $${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret} \
+ --id "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \
+ --secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}" \
 --grant-type client_credentials \
 --response-type token \
 --scope openid,offline_access,profile,email
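Review bot: In the last hunk, `--secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}"` still falls back to a fixed, guessable secret when the variable is not provided through `.env`, so a staging stack with an incomplete env file silently gets an introspection client with a known credential. The script runs under `sh -ec`, so making the variable mandatory is enough to stop the job instead: `--secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:?must be set}" \`. The two quoted `--redirect-uri` lines (the previous hunk and the top of this one) have the same silent-default shape, registering `http://localhost:…` callbacks for `--token-endpoint-auth-method none` clients when unset. A comment saying those defaults are for local development only, or the same `:?` form, would make the staging expectation explicit. The enclosing `command:` script starts outside these hunks.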