name: baron-sso-staging services: backend: image: ${BACKEND_IMAGE_NAME}:${IMAGE_TAG} container_name: baron_backend restart: unless-stopped env_file: - .env environment: - APP_ENV=stage # 스테이징 환경 명시 - COOKIE_SECRET=${COOKIE_SECRET} - DB_HOST=postgres - CLICKHOUSE_HOST=clickhouse - CLICKHOUSE_PORT=${CLICKHOUSE_PORT_NATIVE:-9000} - CLICKHOUSE_USER=${CLICKHOUSE_USER:-baron} - CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD:-password} - USERFRONT_URL=${USERFRONT_URL:-http://sso.hmac.kr} - REDIS_ADDR=${REDIS_ADDR:-redis:6389} - IDP_PROVIDER=${IDP_PROVIDER:-ory} - KRATOS_ADMIN_URL=${KRATOS_ADMIN_URL:-http://ory_kratos:4434} - HYDRA_ADMIN_URL=${HYDRA_ADMIN_URL:-http://ory_hydra:4445} - HYDRA_PUBLIC_URL=${HYDRA_PUBLIC_URL:-http://ory_hydra:4444} - PROFILE_CACHE_TTL=${PROFILE_CACHE_TTL:-30m} - DESCOPE_PROJECT_ID=${DESCOPE_PROJECT_ID} - DESCOPE_MANAGEMENT_KEY=${DESCOPE_MANAGEMENT_KEY} - NAVER_CLOUD_ACCESS_KEY=${NAVER_CLOUD_ACCESS_KEY} - NAVER_CLOUD_SECRET_KEY=${NAVER_CLOUD_SECRET_KEY} - NAVER_CLOUD_SERVICE_ID=${NAVER_CLOUD_SERVICE_ID} - NAVER_SENDER_PHONE_NUMBER=${NAVER_SENDER_PHONE_NUMBER} - AWS_REGION=${AWS_REGION} - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} - AWS_SES_SENDER=${AWS_SES_SENDER} ports: - "${BACKEND_PORT:-3000}:3000" depends_on: infra_check: condition: service_healthy ory_kratos: # Kratos SoT이므로 명시적 의존성 추가 condition: service_started ory_hydra: # Hydra 의존성 추가 condition: service_started healthcheck: test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/health"] interval: 10s timeout: 5s retries: 3 start_period: 10s networks: - baron_net - ory-net adminfront: image: ${ADMINFRONT_IMAGE_NAME}:${IMAGE_TAG} container_name: baron_adminfront restart: unless-stopped env_file: - .env environment: - APP_ENV=stage - API_PROXY_TARGET=http://baron_backend:${BACKEND_PORT:-3000} - ADMIN_EMAIL=${ADMIN_EMAIL} - ADMIN_PASSWORD=${ADMIN_PASSWORD} ports: - "${ADMINFRONT_PORT:-5173}:5173" networks: - baron_net depends_on: backend: condition: service_healthy devfront: image: ${DEVFRONT_IMAGE_NAME}:${IMAGE_TAG} container_name: baron_devfront restart: unless-stopped env_file: - .env environment: - APP_ENV=stage - API_PROXY_TARGET=http://baron_backend:${BACKEND_PORT:-3000} ports: - "${DEVFRONT_PORT:-5174}:5173" networks: - baron_net depends_on: backend: condition: service_healthy userfront: image: ${USERFRONT_IMAGE_NAME}:${IMAGE_TAG} container_name: baron_userfront restart: unless-stopped env_file: - .env environment: - USERFRONT_URL=${USERFRONT_URL:-http://sso.hmac.kr} - BACKEND_URL=${BACKEND_URL:-http://sso.hmac.kr/api} - APP_ENV=stage - OATHKEEPER_PUBLIC_URL=${OATHKEEPER_PUBLIC_URL:-http://sso.hmac.kr} - KRATOS_BROWSER_URL=${KRATOS_BROWSER_URL:-http://sso.hmac.kr/auth} - KRATOS_UI_URL=${KRATOS_UI_URL:-http://sso.hmac.kr} - HYDRA_PUBLIC_URL=${HYDRA_PUBLIC_URL:-http://sso.hmac.kr/oidc} ports: - "${USERFRONT_PORT:-5000}:80" depends_on: backend: condition: service_healthy networks: - baron_net - ory-net infra_check: image: alpine command: ["echo", "Infrastructure assumed running"] networks: - baron_net networks: baron_net: external: true name: baron_net ory-net: external: true name: ory-net