From 6bdb524489b0de1cfca0656dd9160d052e5d7cc0 Mon Sep 17 00:00:00 2001 From: Micah Zoltu Date: Tue, 5 Dec 2023 19:19:30 +0800 Subject: [PATCH] Adds support for loading environment vars from file. (#938) * Adds support for loading environment from file. --- docker/docker-entrypoint.sh | 44 +++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index dfdc7a460..2b5dc06a4 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -1,5 +1,27 @@ #!/bin/bash +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + # Setup environment variables export MODE="self-hosted" @@ -44,10 +66,12 @@ if [ -z "$DB_PORT" ]; then echo "DB_PORT is not set. Please set it in your .env file." exit 1 fi +file_env 'DB_USERNAME' if [ -z "$DB_USERNAME" ]; then echo "DB_USERNAME is not set. Please set it in your .env file." exit 1 fi +file_env 'DB_PASSWORD' if [ -z "$DB_PASSWORD" ]; then echo "DB_PASSWORD is not set. Please set it in your .env file." exit 1 
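Review bot: In `file_env`, the `elif [ "${!fileVar:-}" ]` branch reads the file with `val="$(< "${!fileVar}")"` and never checks that the read succeeded. No `set -e` is visible at the top of the script in this hunk, so a mistyped or unreadable `*_FILE` path appears to leave `val` empty and the script carries on. For variables that have a fallback later in the script, the container then starts with the placeholder `"x"` or a freshly generated `openssl rand -hex 32` value instead of the intended secret. This affects `AUTH_SERVER_PSEUDO_KEY_PARAMS_KEY` and the SNS/SQS keys in the later hunks. Failing closed before the read would avoid this: `[ -r "${!fileVar}" ] || { echo >&2 "error: $fileVar points to an unreadable file"; exit 1; }`.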
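Review bot: The `-z` checks that follow `file_env 'DB_USERNAME'` and `file_env 'DB_PASSWORD'` still print only "Please set it in your .env file", so an operator who supplied `DB_PASSWORD_FILE` with an empty or wrong file gets no hint that the file route exists or was attempted. Wording such as `echo "DB_PASSWORD is not set. Set it in your .env file, or set DB_PASSWORD_FILE to a file containing it."` would cover both paths. The same message is used after the `AUTH_JWT_SECRET`, `VALET_TOKEN_SECRET` and `AUTH_SERVER_ENCRYPTION_SERVER_KEY` calls in the later hunks.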
@@ -89,11 +113,13 @@ fi # SHARED # ########## +file_env 'AUTH_JWT_SECRET' if [ -z "$AUTH_JWT_SECRET" ]; then echo "AUTH_JWT_SECRET is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string." exit 1 fi +file_env 'VALET_TOKEN_SECRET' if [ -z "$VALET_TOKEN_SECRET" ]; then echo "VALET_TOKEN_SECRET is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string." exit 1 @@ -120,6 +146,7 @@ if [ -z "$AUTH_SERVER_DISABLE_USER_REGISTRATION" ]; then export AUTH_SERVER_DISABLE_USER_REGISTRATION=false fi +file_env 'AUTH_SERVER_PSEUDO_KEY_PARAMS_KEY' if [ -z "$AUTH_SERVER_PSEUDO_KEY_PARAMS_KEY" ]; then export AUTH_SERVER_PSEUDO_KEY_PARAMS_KEY=$(openssl rand -hex 32) fi @@ -142,6 +169,7 @@ if [ -z "$AUTH_SERVER_EPHEMERAL_SESSION_AGE" ]; then export AUTH_SERVER_EPHEMERAL_SESSION_AGE=259200 fi +file_env 'AUTH_SERVER_ENCRYPTION_SERVER_KEY' if [ -z "$AUTH_SERVER_ENCRYPTION_SERVER_KEY" ]; then echo "AUTH_SERVER_ENCRYPTION_SERVER_KEY is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string." exit 1 @@ -161,9 +189,11 @@ fi if [ -z "$AUTH_SERVER_SNS_ENDPOINT" ]; then export AUTH_SERVER_SNS_ENDPOINT="http://localstack:4566" fi +file_env 'AUTH_SERVER_SNS_SECRET_ACCESS_KEY' if [ -z "$AUTH_SERVER_SNS_SECRET_ACCESS_KEY" ]; then export AUTH_SERVER_SNS_SECRET_ACCESS_KEY="x" fi +file_env 'AUTH_SERVER_SNS_ACCESS_KEY_ID' if [ -z "$AUTH_SERVER_SNS_ACCESS_KEY_ID" ]; then export AUTH_SERVER_SNS_ACCESS_KEY_ID="x" fi @@ -176,9 +206,11 @@ fi if [ -z "$AUTH_SERVER_SQS_AWS_REGION" ]; then export AUTH_SERVER_SQS_AWS_REGION="us-east-1" fi +file_env 'AUTH_SERVER_SQS_ACCESS_KEY_ID' if [ -z "$AUTH_SERVER_SQS_ACCESS_KEY_ID" ]; then export AUTH_SERVER_SQS_ACCESS_KEY_ID="x" fi +file_env 'AUTH_SERVER_SQS_SECRET_ACCESS_KEY' if [ -z "$AUTH_SERVER_SQS_SECRET_ACCESS_KEY" ]; then export AUTH_SERVER_SQS_SECRET_ACCESS_KEY="x" fi 
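Review bot: The optional DEFAULT argument documented in the `file_env` usage comment is never passed by the SNS/SQS call sites added here, so each placeholder remains in a separate `if [ -z ... ]` block after the call and the default is defined away from the loader. Passing it directly, e.g. `file_env 'AUTH_SERVER_SNS_SECRET_ACCESS_KEY' 'x'`, would keep the value next to the call. The existing `-z` block would then only matter when the variable or file is present but empty. A short comment above these calls would also help, such as `# "x" is a placeholder for the localstack endpoint default; supply real credentials via VAR or VAR_FILE`. The same pattern repeats for the SYNCING_SERVER, FILES_SERVER and REVISIONS_SERVER SNS/SQS hunks.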
@@ -218,9 +250,11 @@ fi if [ -z "$SYNCING_SERVER_SNS_ENDPOINT" ]; then export SYNCING_SERVER_SNS_ENDPOINT="http://localstack:4566" fi +file_env 'SYNCING_SERVER_SNS_SECRET_ACCESS_KEY' if [ -z "$SYNCING_SERVER_SNS_SECRET_ACCESS_KEY" ]; then export SYNCING_SERVER_SNS_SECRET_ACCESS_KEY="x" fi +file_env 'SYNCING_SERVER_SNS_ACCESS_KEY_ID' if [ -z "$SYNCING_SERVER_SNS_ACCESS_KEY_ID" ]; then export SYNCING_SERVER_SNS_ACCESS_KEY_ID="x" fi @@ -233,9 +267,11 @@ fi if [ -z "$SYNCING_SERVER_SQS_AWS_REGION" ]; then export SYNCING_SERVER_SQS_AWS_REGION="us-east-1" fi +file_env 'SYNCING_SERVER_SQS_ACCESS_KEY_ID' if [ -z "$SYNCING_SERVER_SQS_ACCESS_KEY_ID" ]; then export SYNCING_SERVER_SQS_ACCESS_KEY_ID="x" fi +file_env 'SYNCING_SERVER_SQS_SECRET_ACCESS_KEY' if [ -z "$SYNCING_SERVER_SQS_SECRET_ACCESS_KEY" ]; then export SYNCING_SERVER_SQS_SECRET_ACCESS_KEY="x" fi @@ -278,9 +314,11 @@ fi if [ -z "$FILES_SERVER_SNS_ENDPOINT" ]; then export FILES_SERVER_SNS_ENDPOINT="http://localstack:4566" fi +file_env 'FILES_SERVER_SNS_SECRET_ACCESS_KEY' if [ -z "$FILES_SERVER_SNS_SECRET_ACCESS_KEY" ]; then export FILES_SERVER_SNS_SECRET_ACCESS_KEY="x" fi +file_env 'FILES_SERVER_SNS_ACCESS_KEY_ID' if [ -z "$FILES_SERVER_SNS_ACCESS_KEY_ID" ]; then export FILES_SERVER_SNS_ACCESS_KEY_ID="x" fi @@ -293,9 +331,11 @@ fi if [ -z "$FILES_SERVER_SQS_AWS_REGION" ]; then export FILES_SERVER_SQS_AWS_REGION="us-east-1" fi +file_env 'FILES_SERVER_SQS_ACCESS_KEY_ID' if [ -z "$FILES_SERVER_SQS_ACCESS_KEY_ID" ]; then export FILES_SERVER_SQS_ACCESS_KEY_ID="x" fi +file_env 'FILES_SERVER_SQS_SECRET_ACCESS_KEY' if [ -z "$FILES_SERVER_SQS_SECRET_ACCESS_KEY" ]; then export FILES_SERVER_SQS_SECRET_ACCESS_KEY="x" fi 
@@ -322,9 +362,11 @@ fi if [ -z "$REVISIONS_SERVER_SNS_ENDPOINT" ]; then export REVISIONS_SERVER_SNS_ENDPOINT="http://localstack:4566" fi +file_env 'REVISIONS_SERVER_SNS_SECRET_ACCESS_KEY' if [ -z "$REVISIONS_SERVER_SNS_SECRET_ACCESS_KEY" ]; then export REVISIONS_SERVER_SNS_SECRET_ACCESS_KEY="x" fi +file_env 'REVISIONS_SERVER_SNS_ACCESS_KEY_ID' if [ -z "$REVISIONS_SERVER_SNS_ACCESS_KEY_ID" ]; then export REVISIONS_SERVER_SNS_ACCESS_KEY_ID="x" fi @@ -337,9 +379,11 @@ fi if [ -z "$REVISIONS_SERVER_SQS_AWS_REGION" ]; then export REVISIONS_SERVER_SQS_AWS_REGION="us-east-1" fi +file_env 'REVISIONS_SERVER_SQS_ACCESS_KEY_ID' if [ -z "$REVISIONS_SERVER_SQS_ACCESS_KEY_ID" ]; then export REVISIONS_SERVER_SQS_ACCESS_KEY_ID="x" fi +file_env 'REVISIONS_SERVER_SQS_SECRET_ACCESS_KEY' if [ -z "$REVISIONS_SERVER_SQS_SECRET_ACCESS_KEY" ]; then export REVISIONS_SERVER_SQS_SECRET_ACCESS_KEY="x" fi