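#!/bin/bash
# Container entrypoint: loads secrets from *_FILE paths, optionally syncs the
# application code from Git, installs Composer dependencies, then starts
# PHP-FPM (background) and nginx (foreground).
set -e

echo "🔐 Loading secrets from /run/secrets/..."

#######################################
# Export a variable from the file named by its <NAME>_FILE companion.
# Does nothing when <NAME>_FILE is unset/empty or is not a regular file.
# Arguments: $1 - name of the variable to export (e.g. DB_PASSWORD)
# Outputs:   logs the variable name and the file path, never the value
#######################################
load_secret() {
  local var_name="$1"
  local file_var="${var_name}_FILE"
  local secret_file="${!file_var}"

  if [ -n "$secret_file" ] && [ -f "$secret_file" ]; then
    # $(<file) reads the file without spawning cat; trailing newlines are
    # stripped, as with the command substitution it replaces.
    export "$var_name"="$(<"$secret_file")"
    echo "✅ Loaded $var_name from $secret_file"
  fi
}

# Load database password from secret file
load_secret "DB_PASSWORD"

# Load other secrets
load_secret "APP_KEY"
load_secret "VAULT_ENCRYPTION_KEY"
load_secret "SHOPIFY_WEBHOOK_SECRET"
load_secret "RAPIDMAIL_PASSWORD"
load_secret "GIT_TOKEN"

echo "✅ All secrets loaded"

# Git Clone/Pull functionality
if [ -n "$GIT_REPOSITORY_URL" ]; then
  echo ""
  echo "đŸ“Ĩ Cloning/Pulling code from Git repository..."

  GIT_BRANCH="${GIT_BRANCH:-main}"
  GIT_TARGET_DIR="/var/www/html"

  # Pick the credential to embed in the URL: token first, then user:password.
  git_userinfo=""
  if [ -n "$GIT_TOKEN" ]; then
    git_userinfo="${GIT_TOKEN}"
  elif [ -n "$GIT_USERNAME" ] && [ -n "$GIT_PASSWORD" ]; then
    git_userinfo="${GIT_USERNAME}:${GIT_PASSWORD}"
  fi

  # Build the authenticated URL with plain string operations instead of sed,
  # so a credential containing '|', '&' or '\' cannot corrupt or rewrite the
  # substitution. Only https:// URLs get a credential; others pass unchanged.
  # Credentials containing URL-reserved characters still need to be supplied
  # percent-encoded.
  GIT_URL_WITH_AUTH="$GIT_REPOSITORY_URL"
  if [ -n "$git_userinfo" ]; then
    case "$GIT_REPOSITORY_URL" in
      https://*)
        GIT_URL_WITH_AUTH="https://${git_userinfo}@${GIT_REPOSITORY_URL#https://}"
        ;;
    esac
  fi
  # NOTE(review): the credential-bearing URL is passed on git's command line
  # and becomes the clone's "origin" remote, so it ends up in
  # $GIT_TARGET_DIR/.git/config after the move below (the pull path relies on
  # that). Make sure the web server never serves .git, and consider a git
  # credential helper so the secret is not stored in the working tree.

  # Clone or pull repository
  if [ ! -d "$GIT_TARGET_DIR/.git" ]; then
    echo "đŸ“Ĩ Cloning repository from $GIT_REPOSITORY_URL (branch: $GIT_BRANCH)..."

    # Remove existing files if they exist (from image build),
    # but preserve the storage directory in case it is a volume mount.
    if [ "$(ls -A "$GIT_TARGET_DIR" 2>/dev/null)" ]; then
      echo "đŸ—‘ī¸ Cleaning existing files (preserving storage)..."
      find "$GIT_TARGET_DIR" -mindepth 1 -maxdepth 1 ! -name "storage" \
        -exec rm -rf -- {} + 2>/dev/null || true
    fi

    # Clone into a temporary directory first, then move the contents over
    # (preserving storage).
    TEMP_CLONE="${GIT_TARGET_DIR}.tmp"
    rm -rf -- "$TEMP_CLONE" 2>/dev/null || true

    if git clone --branch "$GIT_BRANCH" --depth 1 "$GIT_URL_WITH_AUTH" "$TEMP_CLONE"; then
      # Remove only entries that are not storage (which might be a volume mount)
      find "$GIT_TARGET_DIR" -mindepth 1 -maxdepth 1 ! -name "storage" \
        -exec rm -rf -- {} + 2>/dev/null || true

      # Move the clone's top-level entries into the target. Failures (for
      # example a repository "storage" directory colliding with the preserved
      # one) are deliberately ignored.
      find "$TEMP_CLONE" -mindepth 1 -maxdepth 1 \
        -exec mv -- {} "$GIT_TARGET_DIR/" \; 2>/dev/null || true

      rm -rf -- "$TEMP_CLONE" 2>/dev/null || true
      echo "✅ Repository cloned successfully"
    else
      echo "❌ Git clone failed. Falling back to image contents."
      rm -rf -- "$TEMP_CLONE" 2>/dev/null || true
    fi
  else
    echo "🔄 Pulling latest changes from $GIT_BRANCH..."
    cd "$GIT_TARGET_DIR"

    # Fetch and reset to latest; both steps are best-effort so a network
    # failure does not stop the container from starting.
    git fetch origin "$GIT_BRANCH" || {
      echo "âš ī¸ Git fetch failed. Using existing code."
    }
    git reset --hard "origin/$GIT_BRANCH" || {
      echo "âš ī¸ Git reset failed. Using existing code."
    }
    git clean -fd || true
  fi

  # Install/update dependencies if composer.json exists
  if [ -f "$GIT_TARGET_DIR/composer.json" ]; then
    echo "đŸ“Ļ Installing/updating Composer dependencies..."
    cd "$GIT_TARGET_DIR"

    # --no-scripts keeps the install step from running scripts declared in
    # the repository's composer.json.
    composer install --no-dev --optimize-autoloader --no-interaction --no-scripts || {
      echo "âš ī¸ Composer install failed. Continuing..."
    }

    # NOTE(review): dump-autoload is invoked without --no-scripts, so the
    # autoload-dump script hooks from composer.json appear to run here at
    # container start. Confirm that executing code from the synced branch at
    # this point is intended.
    composer dump-autoload --optimize --classmap-authoritative || true
  fi

  echo "✅ Git sync completed"
else
  echo ""
  echo "â„šī¸ GIT_REPOSITORY_URL not set, using code from image"
fi

echo ""
echo "📊 Environment variables:"
# The exclusion filter must use -E: without it "PASSWORD|KEY|SECRET" is a
# single literal pattern that matches nothing, so DB_PASSWORD and APP_KEY
# would be written to the container log. TOKEN is excluded as well.
env | grep -E "DB_|APP_" | grep -Ev "PASSWORD|KEY|SECRET|TOKEN" || true

# NOTE(review): every exported secret, including GIT_TOKEN, is inherited by
# PHP-FPM and nginx below. Consider unsetting the ones the application does
# not need at runtime.

# Start PHP-FPM in background (inherits all environment variables)
echo ""
echo "🚀 Starting PHP-FPM..."
php-fpm &

# Wait for PHP-FPM to be ready
sleep 2

# Start nginx in foreground (inherits all environment variables);
# exec replaces this shell with the nginx process.
echo "🚀 Starting nginx..."
exec nginx -g 'daemon off;'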