ci: setup CI/CD pipeline with Gitea Actions and secrets configuration
This commit is contained in:
85
scripts/setup-production-secrets.sh
Executable file
85
scripts/setup-production-secrets.sh
Executable file
@@ -0,0 +1,85 @@
|
||||
#!/bin/bash
|
||||
# ==============================================================================
|
||||
# Production Secrets Setup Script
|
||||
# ==============================================================================
|
||||
# This script creates Docker Secrets on the production server from .env values
|
||||
# Run this ONCE during initial setup on the production server.
|
||||
# ==============================================================================
|
||||
|
||||
set -e
|
||||
|
||||
echo "🔐 Docker Secrets Setup for Production"
|
||||
echo "======================================"
|
||||
echo ""
|
||||
|
||||
# Check if running on production server
|
||||
if [ ! -f /home/deploy/framework/.env ]; then
|
||||
echo "❌ ERROR: /home/deploy/framework/.env not found"
|
||||
echo " Please ensure .env file exists on production server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if Docker Swarm is initialized
|
||||
if ! docker info | grep -q "Swarm: active"; then
|
||||
echo "❌ ERROR: Docker Swarm is not initialized"
|
||||
echo " Run: docker swarm init"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "📋 Reading secrets from .env file..."
|
||||
cd /home/deploy/framework
|
||||
|
||||
# Function to create secret from .env
|
||||
create_secret() {
|
||||
local secret_name=$1
|
||||
local env_key=$2
|
||||
|
||||
# Extract value from .env
|
||||
local value=$(grep "^${env_key}=" .env | cut -d'=' -f2- | sed 's/^"\(.*\)"$/\1/')
|
||||
|
||||
if [ -z "$value" ]; then
|
||||
echo "⚠️ WARNING: ${env_key} not found in .env, skipping ${secret_name}"
|
||||
return
|
||||
fi
|
||||
|
||||
# Check if secret already exists
|
||||
if docker secret ls --format "{{.Name}}" | grep -q "^${secret_name}$"; then
|
||||
echo "ℹ️ Secret '${secret_name}' already exists, skipping..."
|
||||
return
|
||||
fi
|
||||
|
||||
# Create secret
|
||||
echo "$value" | docker secret create "$secret_name" - 2>/dev/null
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "✅ Created secret: ${secret_name}"
|
||||
else
|
||||
echo "❌ Failed to create secret: ${secret_name}"
|
||||
fi
|
||||
}
|
||||
|
||||
echo ""
|
||||
echo "🔑 Creating Docker Secrets..."
|
||||
echo ""
|
||||
|
||||
# Create all required secrets
|
||||
create_secret "db_password" "DB_PASSWORD"
|
||||
create_secret "app_key" "APP_KEY"
|
||||
create_secret "vault_encryption_key" "VAULT_ENCRYPTION_KEY"
|
||||
create_secret "shopify_webhook_secret" "SHOPIFY_WEBHOOK_SECRET"
|
||||
create_secret "rapidmail_password" "RAPIDMAIL_PASSWORD"
|
||||
|
||||
echo ""
|
||||
echo "📊 Verifying Secrets..."
|
||||
echo ""
|
||||
|
||||
docker secret ls
|
||||
|
||||
echo ""
|
||||
echo "✅ Secrets setup completed!"
|
||||
echo ""
|
||||
echo "Next steps:"
|
||||
echo " 1. Deploy the stack: docker stack deploy -c docker-compose.prod.yml framework"
|
||||
echo " 2. Monitor deployment: watch docker stack ps framework"
|
||||
echo " 3. Check logs: docker service logs framework_web"
|
||||
echo ""
|
||||
Reference in New Issue
Block a user