baron-sso/docker/docker-compose.staging.template.yaml

name: baron-sso-staging

services:
  backend:
    image: ${BACKEND_IMAGE_NAME}:${IMAGE_TAG}
    container_name: baron_backend
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - APP_ENV=stage # 스테이징 환경 명시
      - COOKIE_SECRET=${COOKIE_SECRET}
      - DB_HOST=postgres
      - CLICKHOUSE_HOST=clickhouse
      - CLICKHOUSE_PORT=${CLICKHOUSE_PORT_NATIVE:-9000}
      - CLICKHOUSE_USER=${CLICKHOUSE_USER:-baron}
      - CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD:-password}
      - USERFRONT_URL=${USERFRONT_URL:-http://sso.hmac.kr}
      - REDIS_ADDR=${REDIS_ADDR:-redis:6389}
      - IDP_PROVIDER=${IDP_PROVIDER:-ory}
      - KRATOS_ADMIN_URL=${KRATOS_ADMIN_URL:-http://ory_kratos:4434}
      - HYDRA_ADMIN_URL=${HYDRA_ADMIN_URL:-http://ory_hydra:4445}
      - HYDRA_PUBLIC_URL=${HYDRA_PUBLIC_URL:-http://ory_hydra:4444}
      - PROFILE_CACHE_TTL=${PROFILE_CACHE_TTL:-30m}
      - DESCOPE_PROJECT_ID=${DESCOPE_PROJECT_ID}
      - DESCOPE_MANAGEMENT_KEY=${DESCOPE_MANAGEMENT_KEY}
      - NAVER_CLOUD_ACCESS_KEY=${NAVER_CLOUD_ACCESS_KEY}
      - NAVER_CLOUD_SECRET_KEY=${NAVER_CLOUD_SECRET_KEY}
      - NAVER_CLOUD_SERVICE_ID=${NAVER_CLOUD_SERVICE_ID}
      - NAVER_SENDER_PHONE_NUMBER=${NAVER_SENDER_PHONE_NUMBER}
      - AWS_REGION=${AWS_REGION}
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
      - AWS_SES_SENDER=${AWS_SES_SENDER}
    ports:
      - "${BACKEND_PORT:-3000}:3000"
    depends_on:
      infra_check:
        condition: service_healthy
      ory_kratos: # Kratos SoT이므로 명시적 의존성 추가
        condition: service_started
      ory_hydra: # Hydra 의존성 추가
        condition: service_started
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/health"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    networks:
      - baron_net
      - ory-net

  adminfront:
    image: ${ADMINFRONT_IMAGE_NAME}:${IMAGE_TAG}
    container_name: baron_adminfront
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - APP_ENV=stage
      - API_PROXY_TARGET=http://baron_backend:${BACKEND_PORT:-3000}
      - ADMIN_EMAIL=${ADMIN_EMAIL}
      - ADMIN_PASSWORD=${ADMIN_PASSWORD}
    ports:
      - "${ADMINFRONT_PORT:-5173}:5173"
    networks:
      - baron_net
    depends_on:
      backend:
        condition: service_healthy

  devfront:
    image: ${DEVFRONT_IMAGE_NAME}:${IMAGE_TAG}
    container_name: baron_devfront
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - APP_ENV=stage
      - API_PROXY_TARGET=http://baron_backend:${BACKEND_PORT:-3000}
    ports:
      - "${DEVFRONT_PORT:-5174}:5173"
    networks:
      - baron_net
    depends_on:
      backend:
        condition: service_healthy

  userfront:
    image: ${USERFRONT_IMAGE_NAME}:${IMAGE_TAG}
    container_name: baron_userfront
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - USERFRONT_URL=${USERFRONT_URL:-http://sso.hmac.kr}
      - BACKEND_URL=${BACKEND_URL:-http://sso.hmac.kr/api}
      - APP_ENV=stage
      - OATHKEEPER_PUBLIC_URL=${OATHKEEPER_PUBLIC_URL:-http://sso.hmac.kr}
      - KRATOS_BROWSER_URL=${KRATOS_BROWSER_URL:-http://sso.hmac.kr/auth}
      - KRATOS_UI_URL=${KRATOS_UI_URL:-http://sso.hmac.kr}
      - HYDRA_PUBLIC_URL=${HYDRA_PUBLIC_URL:-http://sso.hmac.kr/oidc}
    ports:
      - "${USERFRONT_PORT:-5000}:80"
    depends_on:
      backend:
        condition: service_healthy
    networks:
      - baron_net
      - ory-net

  infra_check:
    image: alpine
    command: ["echo", "Infrastructure assumed running"]
    networks:
      - baron_net

networks:
  baron_net:
    external: true
    name: baron_net
  ory-net:
    external: true
    name: ory-net