#!/usr/bin/env bash set -euo pipefail ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" assert_contains() { local file="$1" local pattern="$2" if ! grep -Fq -- "$pattern" "$file"; then echo "ERROR: missing pattern in $file: $pattern" >&2 exit 1 fi } assert_not_contains() { local file="$1" local pattern="$2" if grep -Fq -- "$pattern" "$file"; then echo "ERROR: forbidden pattern remains in $file: $pattern" >&2 exit 1 fi } LOCAL_COMPOSE="$ROOT_DIR/docker-compose.yaml" STAGING_COMPOSE="$ROOT_DIR/docker/docker-compose.staging.template.yaml" PULL_COMPOSE="$ROOT_DIR/docker/staging_pull_compose.template.yaml" DEPLOY_TEMPLATE="$ROOT_DIR/deploy/templates/docker-compose.yaml" BUILD_RC="$ROOT_DIR/.gitea/workflows/build_RC.yml" CODE_CHECK="$ROOT_DIR/.gitea/workflows/code_check.yml" STAGING_RELEASE="$ROOT_DIR/.gitea/workflows/staging_release.yml" STAGING_PULL="$ROOT_DIR/.gitea/workflows/staging_code_pull.yml" ORGFRONT_VITE="$ROOT_DIR/orgfront/vite.config.ts" ORGFRONT_RUNTIME="$ROOT_DIR/orgfront/scripts/runtime-mode.sh" for file in \ "$LOCAL_COMPOSE" \ "$STAGING_COMPOSE" \ "$PULL_COMPOSE" \ "$DEPLOY_TEMPLATE" \ "$BUILD_RC" \ "$CODE_CHECK" \ "$STAGING_RELEASE" \ "$STAGING_PULL" \ "$ORGFRONT_VITE" \ "$ORGFRONT_RUNTIME" do if [[ ! -f "$file" ]]; then echo "ERROR: expected file not found: $file" >&2 exit 1 fi done assert_contains "$LOCAL_COMPOSE" "dockerfile: ./orgfront/Dockerfile" assert_contains "$LOCAL_COMPOSE" "./orgfront:/workspace/orgfront" assert_contains "$LOCAL_COMPOSE" "VITE_ORGFRONT_PUBLIC_URL: \${ORGFRONT_URL}" assert_contains "$LOCAL_COMPOSE" "VITE_OIDC_CLIENT_ID: orgfront" assert_not_contains "$LOCAL_COMPOSE" "../baron-orgchart" for file in "$STAGING_COMPOSE" "$PULL_COMPOSE" "$DEPLOY_TEMPLATE"; do assert_contains "$file" "orgfront:" assert_contains "$file" "ORGFRONT_PORT" done for file in "$STAGING_COMPOSE" "$PULL_COMPOSE"; do assert_contains "$file" "API_PROXY_TARGET=http://baron_backend:3000" done assert_contains "$STAGING_COMPOSE" 'image: ${ORGFRONT_IMAGE_NAME}:${IMAGE_TAG}' assert_contains "$PULL_COMPOSE" "context: ." assert_contains "$PULL_COMPOSE" "dockerfile: ./orgfront/Dockerfile" assert_contains "$PULL_COMPOSE" "VITE_ORGFRONT_PUBLIC_URL: \${ORGFRONT_URL:-}" assert_not_contains "$PULL_COMPOSE" "./orgfront:/app" assert_contains "$DEPLOY_TEMPLATE" "dockerfile: ./orgfront/Dockerfile" assert_contains "$DEPLOY_TEMPLATE" "VITE_ORGFRONT_PUBLIC_URL: \${ORGFRONT_URL}" assert_not_contains "$DEPLOY_TEMPLATE" "../../orgfront:/app" assert_not_contains "$DEPLOY_TEMPLATE" "./orgfront/vite.config.ts:/app/vite.config.ts:ro" assert_not_contains "$DEPLOY_TEMPLATE" "./orgfront/auth.ts:/app/src/lib/auth.ts:ro" assert_contains "$BUILD_RC" "Build and push orgfront RC image" assert_contains "$BUILD_RC" "context: ." assert_contains "$BUILD_RC" "file: ./orgfront/Dockerfile" assert_contains "$BUILD_RC" "/baron_sso/orgfront:" assert_contains "$CODE_CHECK" "run_orgfront_tests" assert_contains "$CODE_CHECK" "cd orgfront" assert_contains "$CODE_CHECK" "pnpm install -C ../common --no-frozen-lockfile" assert_contains "$CODE_CHECK" "pnpm run test" assert_contains "$STAGING_RELEASE" "ORGFRONT_IMAGE_NAME" assert_contains "$STAGING_RELEASE" "ORGFRONT_PORT=" assert_contains "$STAGING_RELEASE" "ORGFRONT_CALLBACK_URLS=" assert_contains "$STAGING_RELEASE" "export ORGFRONT_IMAGE_NAME=" assert_contains "$STAGING_RELEASE" "ORGFRONT_URL=" assert_not_contains "$STAGING_RELEASE" "VITE_ORGCHART_URL=" assert_contains "$STAGING_PULL" "ORGFRONT_PORT=" assert_contains "$STAGING_PULL" "ORGFRONT_CALLBACK_URLS=" assert_contains "$STAGING_PULL" "ORGFRONT_URL=" assert_not_contains "$STAGING_PULL" "VITE_ORGCHART_URL=" assert_contains "$ORGFRONT_VITE" "baron-orgchart.hmac.kr" assert_not_contains "$ORGFRONT_VITE" "VITE_ORGCHART_URL" assert_contains "$ORGFRONT_RUNTIME" "npm run dev -- --host 0.0.0.0 --port 5175" assert_contains "$ORGFRONT_RUNTIME" "npm run preview -- --host 0.0.0.0 --port 5175" assert_contains "$ROOT_DIR/adminfront/vite.config.ts" 'envPrefix: ["VITE_", "USERFRONT_", "ORGFRONT_"]' assert_contains "$ROOT_DIR/deploy/templates/adminfront/vite.config.ts" 'envPrefix: ["VITE_", "USERFRONT_", "ORGFRONT_"]' legacy_orgchart_refs="$(grep -R -n "VITE_ORGCHART_URL" \ "$ROOT_DIR/adminfront/src" \ "$ROOT_DIR/adminfront/vite.config.ts" \ "$ROOT_DIR/deploy/templates/adminfront/vite.config.ts" \ "$ROOT_DIR/orgfront/vite.config.ts" \ "$STAGING_PULL" \ "$STAGING_RELEASE" || true)" if [[ -n "$legacy_orgchart_refs" ]]; then echo "ERROR: legacy VITE_ORGCHART_URL references remain" echo "$legacy_orgchart_refs" exit 1 fi echo "OK: OrgFront compose, CI, and staging deployment policy is wired"