kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity
Files
9464c156984c317926c220f65c9b4da940567abe
baron-sso/scripts/deploy/build_image_deploy_bundle.sh
Lectom a56d68896f production 푸시 초안
2026-06-18 11:02:48 +09:00

163 lines
5.4 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
repo_root="$(cd "$script_dir/../.." && pwd)"
die() {
printf 'ERROR: %s\n' "$*" >&2
exit 1
}
require_env() {
local key="$1"
[[ -n "${!key:-}" ]] || die "Missing required env: $key"
}
host_from_url() {
local value="$1"
value="${value#https://}"
value="${value#http://}"
printf '%s' "${value%%/*}"
}
require_env IMAGE_TAG
require_env IMAGE_DEPLOY_ENV
require_env IMAGE_DEPLOY_PORT_PREFIX
require_env IMAGE_DEPLOY_PUBLIC_URL
require_env ADMINFRONT_URL
require_env DEVFRONT_URL
require_env ORGFRONT_URL
require_env VITE_OIDC_AUTHORITY
require_env HARBOR_HOSTNAME
if ! printf '%s' "$IMAGE_TAG" | grep -Eq '^v[0-9]+\.[0-9]{4}\.[0-9a-f]{4}$'; then
die "IMAGE_TAG must look like vX.YYMM.ab12 (got: $IMAGE_TAG)"
fi
case "$IMAGE_DEPLOY_ENV" in
stage | staging)
app_env="stage"
default_instance_name="stage"
;;
production | prod)
app_env="production"
default_instance_name="prod"
;;
*)
die "IMAGE_DEPLOY_ENV must be stage or production"
;;
esac
instance_name="${IMAGE_DEPLOY_INSTANCE_NAME:-$default_instance_name}"
bundle_dir="${IMAGE_DEPLOY_BUNDLE_DIR:-$PWD/${instance_name}-image-deploy-bundle}"
bundle_file="${IMAGE_DEPLOY_BUNDLE_FILE:-$PWD/${instance_name}-image-deploy-bundle.tgz}"
compose_template="${IMAGE_DEPLOY_COMPOSE_TEMPLATE:-$repo_root/deploy/templates/docker-compose.images.yaml}"
rm -rf "$bundle_dir"
TARGET_DIR="$bundle_dir" bash "$repo_root/deploy/create-instance.sh" "$instance_name" "$IMAGE_DEPLOY_PORT_PREFIX"
cp "$compose_template" "$bundle_dir/docker-compose.yml"
public_host="$(host_from_url "$IMAGE_DEPLOY_PUBLIC_URL")"
admin_host="$(host_from_url "$ADMINFRONT_URL")"
dev_host="$(host_from_url "$DEVFRONT_URL")"
org_host="$(host_from_url "$ORGFRONT_URL")"
cat >"$bundle_dir/.env" <<EOF
INSTANCE_NAME=${instance_name}
COMPOSE_PROJECT_NAME=baron-sso-${instance_name}
APP_ENV=${app_env}
TZ=Asia/Seoul
SOURCE_ROOT=.
P=${IMAGE_DEPLOY_PORT_PREFIX}
DB_PORT=${IMAGE_DEPLOY_DB_PORT}
REDIS_PORT=${IMAGE_DEPLOY_REDIS_PORT}
CLICKHOUSE_PORT_HTTP=${IMAGE_DEPLOY_CLICKHOUSE_PORT_HTTP}
CLICKHOUSE_PORT_NATIVE=${IMAGE_DEPLOY_CLICKHOUSE_PORT_NATIVE}
BACKEND_PORT=${IMAGE_DEPLOY_BACKEND_PORT}
USERFRONT_PORT=${IMAGE_DEPLOY_FRONTEND_PORT}
ADMINFRONT_PORT=${ADMINFRONT_PORT}
DEVFRONT_PORT=${DEVFRONT_PORT}
ORGFRONT_PORT=${ORGFRONT_PORT}
OATHKEEPER_PROXY_PORT=${IMAGE_DEPLOY_OATHKEEPER_PROXY_PORT}
DOMAIN_SUFFIX=${IMAGE_DEPLOY_DOMAIN_SUFFIX}
USERFRONT_URL=${IMAGE_DEPLOY_PUBLIC_URL}
ADMINFRONT_URL=${ADMINFRONT_URL}
DEVFRONT_URL=${DEVFRONT_URL}
ORGFRONT_URL=${ORGFRONT_URL}
PUBLIC_HOST=${public_host}
ADMINFRONT_HOST=${admin_host}
DEVFRONT_HOST=${dev_host}
ORGFRONT_HOST=${org_host}
TRAEFIK_PUBLIC_NETWORK=traefik-public
TRAEFIK_ENTRYPOINT=websecure
TRAEFIK_CERT_RESOLVER=myresolver
VITE_OIDC_AUTHORITY=${VITE_OIDC_AUTHORITY}
ADMINFRONT_CALLBACK_URLS=${ADMINFRONT_CALLBACK_URLS}
DEVFRONT_CALLBACK_URLS=${DEVFRONT_CALLBACK_URLS}
ORGFRONT_CALLBACK_URLS=${ORGFRONT_CALLBACK_URLS}
KRATOS_UI_URL=${IMAGE_DEPLOY_PUBLIC_URL}/auth
KRATOS_BROWSER_URL=${IMAGE_DEPLOY_PUBLIC_URL}/auth
KRATOS_ADMIN_URL=http://kratos:4434
HYDRA_PUBLIC_URL=${IMAGE_DEPLOY_PUBLIC_URL}/oidc
HYDRA_ADMIN_URL=http://hydra:4445
HYDRA_LOGIN_URL=${IMAGE_DEPLOY_PUBLIC_URL}/login
HYDRA_CONSENT_URL=${IMAGE_DEPLOY_PUBLIC_URL}/consent
HYDRA_ERROR_URL=${IMAGE_DEPLOY_PUBLIC_URL}/error
HYDRA_REFRESH_TOKEN_TTL=${HYDRA_REFRESH_TOKEN_TTL}
OATHKEEPER_PUBLIC_URL=${IMAGE_DEPLOY_PUBLIC_URL}
KETO_READ_URL=http://keto:4466
KETO_WRITE_URL=http://keto:4467
IDP_PROVIDER=ory
DB_PASSWORD=${IMAGE_DEPLOY_DB_PASSWORD}
ORY_POSTGRES_USER=${ORY_POSTGRES_USER}
ORY_POSTGRES_PASSWORD=${IMAGE_DEPLOY_ORY_POSTGRES_PASSWORD}
ORY_POSTGRES_DB=${ORY_POSTGRES_DB}
KRATOS_DB=${KRATOS_DB}
HYDRA_DB=${HYDRA_DB}
KETO_DB=${KETO_DB}
KRATOS_VERSION=${KRATOS_VERSION}
HYDRA_VERSION=${HYDRA_VERSION}
KETO_VERSION=${KETO_VERSION}
OATHKEEPER_VERSION=${OATHKEEPER_VERSION}
ORY_POSTGRES_TAG=${ORY_POSTGRES_TAG}
OATHKEEPER_UID=${OATHKEEPER_UID}
OATHKEEPER_GID=${OATHKEEPER_GID}
OATHKEEPER_INTROSPECT_CLIENT_ID=${OATHKEEPER_INTROSPECT_CLIENT_ID}
OATHKEEPER_INTROSPECT_CLIENT_SECRET=${IMAGE_DEPLOY_OATHKEEPER_INTROSPECT_CLIENT_SECRET}
CLICKHOUSE_PASSWORD=${IMAGE_DEPLOY_CLICKHOUSE_PASSWORD}
REDIS_ADDR=redis:6379
COOKIE_SECRET=${IMAGE_DEPLOY_COOKIE_SECRET}
JWT_SECRET=${IMAGE_DEPLOY_JWT_SECRET}
CSRF_COOKIE_SECRET=${IMAGE_DEPLOY_CSRF_COOKIE_SECRET}
ADMIN_EMAIL=${ADMIN_EMAIL}
ADMIN_PASSWORD=${IMAGE_DEPLOY_ADMIN_PASSWORD}
IMAGE_TAG=${IMAGE_TAG}
BACKEND_IMAGE_NAME=${BACKEND_IMAGE_NAME}
USERFRONT_IMAGE_NAME=${USERFRONT_IMAGE_NAME}
ADMINFRONT_IMAGE_NAME=${ADMINFRONT_IMAGE_NAME}
DEVFRONT_IMAGE_NAME=${DEVFRONT_IMAGE_NAME}
ORGFRONT_IMAGE_NAME=${ORGFRONT_IMAGE_NAME}
EOF
chmod 600 "$bundle_dir/.env"
required_dotenv_keys="
APP_ENV IMAGE_TAG BACKEND_IMAGE_NAME USERFRONT_IMAGE_NAME ADMINFRONT_IMAGE_NAME DEVFRONT_IMAGE_NAME ORGFRONT_IMAGE_NAME
USERFRONT_URL PUBLIC_HOST HYDRA_PUBLIC_URL VITE_OIDC_AUTHORITY TRAEFIK_PUBLIC_NETWORK
DB_PASSWORD ORY_POSTGRES_PASSWORD COOKIE_SECRET JWT_SECRET CSRF_COOKIE_SECRET
"
for key in $required_dotenv_keys; do
if ! grep -Eq "^${key}=.+" "$bundle_dir/.env"; then
die "Missing required bundle .env value: $key"
fi
done
ORY_CONFIG_ENV_FILES="$bundle_dir/.env" \
ORY_CONFIG_TEMPLATE_ROOT="$bundle_dir/ory/templates" \
ORY_CONFIG_OUTPUT_DIR="$bundle_dir/config/.generated/ory" \
bash "$repo_root/scripts/render_ory_config.sh"
tar -C "$bundle_dir" -czf "$bundle_file" .
printf '%s\n' "$bundle_file"
View Git Blame Copy Permalink