feat: update deployment configuration and encrypted env loader

- Update Ansible playbooks and roles for application deployment - Add new Gitea/Traefik troubleshooting playbooks - Update Docker Compose configurations (base, local, staging, production) - Enhance EncryptedEnvLoader with improved error handling - Add deployment scripts (autossh setup, migration, secret testing) - Update CI/CD workflows and documentation - Add Semaphore stack configuration
2025-11-02 20:38:06 +01:00
parent 7b7f0b41d2
commit 24cbbccf4c
44 changed files with 5280 additions and 276 deletions
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -1,31 +1,34 @@
 #!/bin/bash
 set -e

-echo "🔐 Loading secrets from /run/secrets/..."
+echo "🔐 Loading secrets..."

 # Function to load secret from file if *_FILE env var is set
-load_secret() {
+# This is a fallback for environments where Docker Secrets are not configured
+# The Framework's DockerSecretsResolver handles *_FILE pattern automatically
+load_secret_fallback() {
    local var_name="$1"
    local file_var="${var_name}_FILE"

-    if [ -n "${!file_var}" ] && [ -f "${!file_var}" ]; then
+    # Only load manually if *_FILE is set but Framework hasn't loaded it yet
+    # (This is mainly for backward compatibility during migration)
+    if [ -n "${!file_var}" ] && [ -f "${!file_var}" ] && [ -z "${!var_name}" ]; then
        export "$var_name"="$(cat "${!file_var}")"
-        echo "✅ Loaded $var_name from ${!file_var}"
+        echo "✅ Loaded $var_name from ${!file_var} (fallback)"
    fi
 }

-# Load database password from secret file
-load_secret "DB_PASSWORD"
+# Load secrets as fallback (Framework handles *_FILE pattern automatically via DockerSecretsResolver)
+# This is mainly for backward compatibility during migration
+load_secret_fallback "DB_PASSWORD"
+load_secret_fallback "REDIS_PASSWORD"
+load_secret_fallback "APP_KEY"
+load_secret_fallback "VAULT_ENCRYPTION_KEY"
+load_secret_fallback "SHOPIFY_WEBHOOK_SECRET"
+load_secret_fallback "RAPIDMAIL_PASSWORD"
+load_secret_fallback "GIT_TOKEN"

-# Load other secrets
-load_secret "REDIS_PASSWORD"
-load_secret "APP_KEY"
-load_secret "VAULT_ENCRYPTION_KEY"
-load_secret "SHOPIFY_WEBHOOK_SECRET"
-load_secret "RAPIDMAIL_PASSWORD"
-load_secret "GIT_TOKEN"
-
-echo "✅ All secrets loaded"
+echo "✅ Secrets loading completed (Framework handles *_FILE pattern automatically)"

 # Git Clone/Pull functionality
 if [ -n "$GIT_REPOSITORY_URL" ]; then