Merge branch 'dev' into feature/staging-healthcheck-monitoring

2026-06-09 13:57:37 +09:00
parent 2671ebda27 f726463a6c
commit f61c56cfde
70 changed files with 4788 additions and 467 deletions
--- a/docker/backup-tools/Dockerfile
+++ b/docker/backup-tools/Dockerfile
@@ -0,0 +1,24 @@
+FROM debian:trixie-slim
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        bash \
+        ca-certificates \
+        coreutils \
+        curl \
+        docker-cli \
+        findutils \
+        git \
+        grep \
+        jq \
+        openssl \
+        perl \
+        postgresql-client \
+        sed \
+        tar \
+        util-linux \
+        zstd \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /workspace
+CMD ["/bin/bash"]
--- a/docker/compose.ory.yaml
+++ b/docker/compose.ory.yaml
@@ -182,22 +182,13 @@ services:
            - ory-net

    init-rp:
-        image: alpine:latest
+        image: oryd/hydra:${HYDRA_CLI_VERSION:-v26.2.0}
        container_name: init-rp
        env_file:
            - ../.env
+        entrypoint: ["/bin/sh", "-ec"]
        command:
-            - /bin/sh
-            - -ec
            - |
-                apk add --no-cache curl tar
-                HYDRA_CLI_VERSION="$${HYDRA_VERSION:-v26.2.0}"
-                HYDRA_CLI_VERSION="$${HYDRA_CLI_VERSION%-distroless}"
-                HYDRA_CLI_ARCHIVE_VERSION="$${HYDRA_CLI_VERSION#v}"
-                curl -fsSLo /tmp/hydra.tar.gz "https://github.com/ory/hydra/releases/download/$${HYDRA_CLI_VERSION}/hydra_$${HYDRA_CLI_ARCHIVE_VERSION}-linux_64bit.tar.gz"
-                tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra
-                rm /tmp/hydra.tar.gz
-
                echo "Creating/Updating OAuth2 Clients..."

                hydra create oauth2-client \
--- a/docker/staging_pull_compose.template.yaml
+++ b/docker/staging_pull_compose.template.yaml
@@ -79,6 +79,7 @@ services:
    postgres_ory:
        image: postgres:${ORY_POSTGRES_TAG:-17-alpine}
        container_name: ory_postgres
+        restart: unless-stopped
        environment:
            - POSTGRES_USER=${ORY_POSTGRES_USER:-ory}
            - POSTGRES_PASSWORD=${ORY_POSTGRES_PASSWORD:-secret}
@@ -125,6 +126,7 @@ services:
    kratos:
        image: oryd/kratos:${KRATOS_VERSION:-v26.2.0}
        container_name: ory_kratos
+        restart: unless-stopped
        environment:
            - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KRATOS_DB:-ory_kratos}?sslmode=disable&max_conns=20
            - COOKIE_SECRET=${COOKIE_SECRET:-localcookie123}
@@ -163,6 +165,7 @@ services:
    hydra:
        image: oryd/hydra:${HYDRA_VERSION:-v26.2.0}
        container_name: ory_hydra
+        restart: unless-stopped
        environment:
            - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20
            - URLS_SELF_ISSUER=${HYDRA_PUBLIC_URL}
@@ -196,6 +199,7 @@ services:
    keto:
        image: oryd/keto:${KETO_VERSION:-v26.2.0}
        container_name: ory_keto
+        restart: unless-stopped
        environment:
            - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB:-ory_keto}?sslmode=disable&max_conns=20
        volumes:
@@ -255,6 +259,7 @@ services:
    ory_clickhouse:
        image: clickhouse/clickhouse-server:latest
        container_name: ory_clickhouse
+        restart: unless-stopped
        environment:
            - CLICKHOUSE_USER=${ORY_CLICKHOUSE_USER:-ory}
            - CLICKHOUSE_PASSWORD=${ORY_CLICKHOUSE_PASSWORD:-orypass}
@@ -301,21 +306,12 @@ services:
            - ory-net

    init-rp:
-        image: alpine:latest
+        image: oryd/hydra:${HYDRA_CLI_VERSION:-v26.2.0}
        env_file:
            - .env
+        entrypoint: ["/bin/sh", "-ec"]
        command:
-            - /bin/sh
-            - -ec
            - |
-                apk add --no-cache curl tar
-                HYDRA_CLI_VERSION="$${HYDRA_VERSION:-v26.2.0}"
-                HYDRA_CLI_VERSION="$${HYDRA_CLI_VERSION%-distroless}"
-                HYDRA_CLI_ARCHIVE_VERSION="$${HYDRA_CLI_VERSION#v}"
-                curl -fsSLo /tmp/hydra.tar.gz "https://github.com/ory/hydra/releases/download/$${HYDRA_CLI_VERSION}/hydra_$${HYDRA_CLI_ARCHIVE_VERSION}-linux_64bit.tar.gz"
-                tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra
-                rm /tmp/hydra.tar.gz
-
                # Function to create or update OAuth2 client (Idempotency)
                upsert_client() {
                  ID=$$1
@@ -369,6 +365,7 @@ services:
            context: ./backend
            dockerfile: Dockerfile
        container_name: baron_backend
+        restart: unless-stopped
        env_file:
            - .env
        environment:
@@ -433,6 +430,7 @@ services:
                VITE_OIDC_CLIENT_ID: adminfront
                ORGFRONT_URL: ${ORGFRONT_URL:-}
        container_name: baron_adminfront
+        restart: unless-stopped
        env_file:
            - .env
        environment:
@@ -458,6 +456,7 @@ services:
                VITE_OIDC_AUTHORITY: ${VITE_OIDC_AUTHORITY:-}
                VITE_OIDC_CLIENT_ID: devfront
        container_name: baron_devfront
+        restart: unless-stopped
        env_file:
            - .env
        environment:
@@ -483,6 +482,7 @@ services:
                VITE_OIDC_AUTHORITY: ${VITE_OIDC_AUTHORITY:-}
                VITE_OIDC_CLIENT_ID: orgfront
        container_name: baron_orgfront
+        restart: unless-stopped
        env_file:
            - .env
        environment:
@@ -505,6 +505,7 @@ services:
            context: .
            dockerfile: userfront/Dockerfile
        container_name: baron_userfront
+        restart: unless-stopped
        env_file:
            - .env
        environment: