michaelschiemer/docker/entrypoint.sh

#!/bin/bash
set -e

echo "🔐 Loading secrets from /run/secrets/..."

# Function to load secret from file if *_FILE env var is set
load_secret() {
    local var_name="$1"
    local file_var="${var_name}_FILE"

    if [ -n "${!file_var}" ] && [ -f "${!file_var}" ]; then
        export "$var_name"="$(cat "${!file_var}")"
        echo "✅ Loaded $var_name from ${!file_var}"
    fi
}

# Load database password from secret file
load_secret "DB_PASSWORD"

# Load other secrets
load_secret "APP_KEY"
load_secret "VAULT_ENCRYPTION_KEY"
load_secret "SHOPIFY_WEBHOOK_SECRET"
load_secret "RAPIDMAIL_PASSWORD"
load_secret "GIT_TOKEN"

echo "✅ All secrets loaded"

# Git Clone/Pull functionality
if [ -n "$GIT_REPOSITORY_URL" ]; then
    echo ""
    echo "📥 Cloning/Pulling code from Git repository..."
    
    GIT_BRANCH="${GIT_BRANCH:-main}"
    GIT_TARGET_DIR="/var/www/html"
    
    # Setup Git credentials if provided
    if [ -n "$GIT_TOKEN" ]; then
        # Use token for HTTPS authentication
        GIT_URL_WITH_AUTH=$(echo "$GIT_REPOSITORY_URL" | sed "s|https://|https://${GIT_TOKEN}@|")
    elif [ -n "$GIT_USERNAME" ] && [ -n "$GIT_PASSWORD" ]; then
        GIT_URL_WITH_AUTH=$(echo "$GIT_REPOSITORY_URL" | sed "s|https://|https://${GIT_USERNAME}:${GIT_PASSWORD}@|")
    else
        GIT_URL_WITH_AUTH="$GIT_REPOSITORY_URL"
    fi
    
    # Clone or pull repository
    if [ ! -d "$GIT_TARGET_DIR/.git" ]; then
        echo "📥 Cloning repository from $GIT_REPOSITORY_URL (branch: $GIT_BRANCH)..."
        
        # Remove existing files if they exist (from image build)
        if [ "$(ls -A $GIT_TARGET_DIR 2>/dev/null)" ]; then
            echo "🗑️  Cleaning existing files..."
            rm -rf "$GIT_TARGET_DIR"/* "$GIT_TARGET_DIR"/.* 2>/dev/null || true
        fi
        
        # Clone repository
        git clone --branch "$GIT_BRANCH" --depth 1 "$GIT_URL_WITH_AUTH" "$GIT_TARGET_DIR" || {
            echo "❌ Git clone failed. Falling back to image contents."
        }
    else
        echo "🔄 Pulling latest changes from $GIT_BRANCH..."
        cd "$GIT_TARGET_DIR"
        
        # Fetch and reset to latest
        git fetch origin "$GIT_BRANCH" || {
            echo "⚠️  Git fetch failed. Using existing code."
        }
        git reset --hard "origin/$GIT_BRANCH" || {
            echo "⚠️  Git reset failed. Using existing code."
        }
        git clean -fd || true
    fi
    
    # Install/update dependencies if composer.json exists
    if [ -f "$GIT_TARGET_DIR/composer.json" ]; then
        echo "📦 Installing/updating Composer dependencies..."
        cd "$GIT_TARGET_DIR"
        composer install --no-dev --optimize-autoloader --no-interaction --no-scripts || {
            echo "⚠️  Composer install failed. Continuing..."
        }
        
        # Run composer scripts if needed
        composer dump-autoload --optimize --classmap-authoritative || true
    fi
    
    echo "✅ Git sync completed"
else
    echo ""
    echo "ℹ️  GIT_REPOSITORY_URL not set, using code from image"
fi

echo ""
echo "📊 Environment variables:"
env | grep -E "DB_|APP_" | grep -v "PASSWORD|KEY|SECRET" || true

# Start PHP-FPM in background (inherits all environment variables)
echo ""
echo "🚀 Starting PHP-FPM..."
php-fpm &

# Wait for PHP-FPM to be ready
sleep 2

# Start nginx in foreground (inherits all environment variables)
echo "🚀 Starting nginx..."
exec nginx -g 'daemon off;'