kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity
Files
ec41f8da0043667e79e69f341b14983fb08d30eb
baron-sso/scripts/test_image_deploy_env_override.sh

170 lines
7.4 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
tmp_root="$(mktemp -d)"
cleanup() {
rm -rf "$tmp_root"
}
trap cleanup EXIT INT TERM
assert_contains() {
local file="$1"
local pattern="$2"
if ! grep -Fq "$pattern" "$file"; then
printf 'missing pattern in %s: %s\n' "$file" "$pattern" >&2
exit 1
fi
}
assert_env_value() {
local file="$1"
local key="$2"
local expected="$3"
if ! grep -Fxq "${key}=${expected}" "$file"; then
printf 'missing env value in %s: %s=%s\n' "$file" "$key" "$expected" >&2
exit 1
fi
}
for workflow in \
"$repo_root/.gitea/workflows/staging_image_deploy.yml" \
"$repo_root/.gitea/workflows/production_image_deploy.yml"
do
assert_contains "$workflow" "IMAGE_DEPLOY_BACKEND_LOG_LEVEL:"
assert_contains "$workflow" "IMAGE_DEPLOY_CLIENT_LOG_DEBUG:"
assert_contains "$workflow" "WORKS_ADMIN_API_BASE_URL:"
assert_contains "$workflow" "WORKS_ADMIN_OAUTH_TOKEN_URL:"
assert_contains "$workflow" "PROFILE_CACHE_TTL:"
assert_contains "$workflow" "NAVER_CLOUD_ACCESS_KEY:"
assert_contains "$workflow" "NAVER_CLOUD_SECRET_KEY:"
assert_contains "$workflow" "NAVER_CLOUD_SERVICE_ID:"
assert_contains "$workflow" "NAVER_SENDER_PHONE_NUMBER:"
assert_contains "$workflow" "AWS_REGION:"
assert_contains "$workflow" "AWS_ACCESS_KEY_ID:"
assert_contains "$workflow" "AWS_SECRET_ACCESS_KEY:"
assert_contains "$workflow" "AWS_SES_SENDER:"
assert_contains "$workflow" "CORS_ALLOWED_ORIGINS:"
assert_contains "$workflow" "OATHKEEPER_API_URL:"
done
assert_contains "$repo_root/.gitea/workflows/staging_image_deploy.yml" "secrets.STG_SSH_PRIVATE_KEY"
assert_contains "$repo_root/.gitea/workflows/staging_image_deploy.yml" "vars.STG_USERFRONT_URL"
assert_contains "$repo_root/.gitea/workflows/staging_image_deploy.yml" "vars.STG_BACKEND_URL"
assert_contains "$repo_root/.gitea/workflows/staging_image_deploy.yml" "vars.STG_WORKS_ADMIN_API_BASE_URL"
assert_contains "$repo_root/.gitea/workflows/staging_image_deploy.yml" "secrets.STG_NAVER_CLOUD_SECRET_KEY"
assert_contains "$repo_root/.gitea/workflows/staging_image_deploy.yml" "secrets.STG_AWS_SECRET_ACCESS_KEY"
assert_contains "$repo_root/.gitea/workflows/staging_image_deploy.yml" "secrets.STG_CLICKHOUSE_PASSWORD"
assert_contains "$repo_root/.gitea/workflows/production_image_deploy.yml" "secrets.PROD_SSH_PRIVATE_KEY"
assert_contains "$repo_root/.gitea/workflows/production_image_deploy.yml" "vars.PROD_FRONTEND_URL"
assert_contains "$repo_root/.gitea/workflows/production_image_deploy.yml" "vars.PROD_BACKEND_URL"
assert_contains "$repo_root/.gitea/workflows/production_image_deploy.yml" "vars.PROD_WORKS_ADMIN_API_BASE_URL"
assert_contains "$repo_root/.gitea/workflows/production_image_deploy.yml" "secrets.PROD_NAVER_CLOUD_SECRET_KEY"
assert_contains "$repo_root/.gitea/workflows/production_image_deploy.yml" "secrets.PROD_AWS_SECRET_ACCESS_KEY"
assert_contains "$repo_root/.gitea/workflows/production_image_deploy.yml" "secrets.PROD_CLICKHOUSE_PASSWORD"
bundle_dir="$tmp_root/stage-image-deploy-bundle"
bundle_file="$tmp_root/stage-image-deploy-bundle.tgz"
(
cd "$repo_root"
IMAGE_TAG=v1.2606.ab12 \
IMAGE_DEPLOY_ENV=stage \
IMAGE_DEPLOY_INSTANCE_NAME=stage-test \
IMAGE_DEPLOY_PORT_PREFIX=19 \
IMAGE_DEPLOY_PUBLIC_URL=https://sso.example.test \
IMAGE_DEPLOY_COMPOSE_TEMPLATE=deploy/templates/docker-compose.images.yaml \
IMAGE_DEPLOY_BUNDLE_DIR="$bundle_dir" \
IMAGE_DEPLOY_BUNDLE_FILE="$bundle_file" \
ADMINFRONT_URL=https://sadmin.example.test \
DEVFRONT_URL=https://sdev.example.test \
ORGFRONT_URL=https://sorg.example.test \
VITE_OIDC_AUTHORITY=https://sso.example.test/oidc \
IMAGE_DEPLOY_DB_PORT=15432 \
IMAGE_DEPLOY_REDIS_PORT=16379 \
IMAGE_DEPLOY_CLICKHOUSE_PORT_HTTP=18123 \
IMAGE_DEPLOY_CLICKHOUSE_PORT_NATIVE=19000 \
IMAGE_DEPLOY_BACKEND_PORT=13000 \
IMAGE_DEPLOY_FRONTEND_PORT=15000 \
ADMINFRONT_PORT=15173 \
DEVFRONT_PORT=15174 \
ORGFRONT_PORT=15175 \
IMAGE_DEPLOY_OATHKEEPER_PROXY_PORT=14455 \
IMAGE_DEPLOY_DOMAIN_SUFFIX=example.test \
ADMINFRONT_CALLBACK_URLS=https://sadmin.example.test/auth/callback \
DEVFRONT_CALLBACK_URLS=https://sdev.example.test/auth/callback \
ORGFRONT_CALLBACK_URLS=https://sorg.example.test/auth/callback \
HYDRA_REFRESH_TOKEN_TTL=720h \
ORY_POSTGRES_USER=ory \
ORY_POSTGRES_DB=ory \
KRATOS_DB=ory_kratos \
HYDRA_DB=ory_hydra \
KETO_DB=ory_keto \
KRATOS_VERSION=v26.2.0-distroless \
HYDRA_VERSION=v26.2.0-distroless \
KETO_VERSION=v26.2.0-distroless \
OATHKEEPER_VERSION=v26.2.0 \
ORY_POSTGRES_TAG=17-trixie \
OATHKEEPER_UID=1001 \
OATHKEEPER_GID=1001 \
OATHKEEPER_INTROSPECT_CLIENT_ID=oathkeeper-introspect \
ADMIN_EMAIL=admin@example.test \
HARBOR_HOSTNAME=reg.example.test \
BACKEND_IMAGE_NAME=reg.example.test/baron_sso/backend \
USERFRONT_IMAGE_NAME=reg.example.test/baron_sso/userfront \
ADMINFRONT_IMAGE_NAME=reg.example.test/baron_sso/adminfront \
DEVFRONT_IMAGE_NAME=reg.example.test/baron_sso/devfront \
ORGFRONT_IMAGE_NAME=reg.example.test/baron_sso/orgfront \
IMAGE_DEPLOY_DB_PASSWORD=db-secret \
IMAGE_DEPLOY_ORY_POSTGRES_PASSWORD=ory-secret \
IMAGE_DEPLOY_OATHKEEPER_INTROSPECT_CLIENT_SECRET=oathkeeper-secret \
IMAGE_DEPLOY_CLICKHOUSE_PASSWORD=clickhouse-secret \
IMAGE_DEPLOY_COOKIE_SECRET=cookie-secret \
IMAGE_DEPLOY_JWT_SECRET=jwt-secret \
IMAGE_DEPLOY_CSRF_COOKIE_SECRET=csrf-secret \
IMAGE_DEPLOY_ADMIN_PASSWORD=admin-secret \
IMAGE_DEPLOY_BACKEND_LOG_LEVEL=debug \
IMAGE_DEPLOY_CLIENT_LOG_DEBUG=true \
WORKS_ADMIN_API_BASE_URL=https://works-api.example.test \
WORKS_ADMIN_OAUTH_TOKEN_URL=https://works-auth.example.test/token \
PROFILE_CACHE_TTL=30m \
NAVER_CLOUD_ACCESS_KEY=naver-access \
NAVER_CLOUD_SECRET_KEY=naver-secret \
NAVER_CLOUD_SERVICE_ID=naver-service \
NAVER_SENDER_PHONE_NUMBER=021234567 \
AWS_REGION=ap-northeast-2 \
AWS_ACCESS_KEY_ID=aws-access \
AWS_SECRET_ACCESS_KEY=aws-secret \
AWS_SES_SENDER=support@example.test \
CORS_ALLOWED_ORIGINS=https://sso.example.test \
OATHKEEPER_API_URL=http://oathkeeper:4456 \
CLICKHOUSE_HOST=clickhouse \
CLICKHOUSE_USER=baron \
scripts/deploy/build_image_deploy_bundle.sh >/dev/null
)
env_file="$bundle_dir/.env"
assert_env_value "$env_file" "BACKEND_LOG_LEVEL" "debug"
assert_env_value "$env_file" "CLIENT_LOG_DEBUG" "true"
assert_env_value "$env_file" "WORKS_ADMIN_API_BASE_URL" "https://works-api.example.test"
assert_env_value "$env_file" "WORKS_ADMIN_OAUTH_TOKEN_URL" "https://works-auth.example.test/token"
assert_env_value "$env_file" "PROFILE_CACHE_TTL" "30m"
assert_env_value "$env_file" "NAVER_CLOUD_ACCESS_KEY" "naver-access"
assert_env_value "$env_file" "NAVER_CLOUD_SECRET_KEY" "naver-secret"
assert_env_value "$env_file" "NAVER_CLOUD_SERVICE_ID" "naver-service"
assert_env_value "$env_file" "NAVER_SENDER_PHONE_NUMBER" "021234567"
assert_env_value "$env_file" "AWS_REGION" "ap-northeast-2"
assert_env_value "$env_file" "AWS_ACCESS_KEY_ID" "aws-access"
assert_env_value "$env_file" "AWS_SECRET_ACCESS_KEY" "aws-secret"
assert_env_value "$env_file" "AWS_SES_SENDER" "support@example.test"
assert_env_value "$env_file" "CORS_ALLOWED_ORIGINS" "https://sso.example.test"
assert_env_value "$env_file" "BACKEND_PUBLIC_URL" "https://sso.example.test"
assert_env_value "$env_file" "BACKEND_URL" "https://sso.example.test"
assert_env_value "$env_file" "OATHKEEPER_API_URL" "http://oathkeeper:4456"
assert_env_value "$env_file" "CLICKHOUSE_HOST" "clickhouse"
assert_env_value "$env_file" "CLICKHOUSE_USER" "baron"
echo "image deploy env override checks passed"
View Git Blame Copy Permalink