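#!/bin/bash
# Container entrypoint: loads *_FILE secrets as a fallback, optionally syncs the
# application tree from a Git repository, fixes storage permissions and then
# runs php-fpm (background) and nginx (foreground).
#
# -e aborts on an unhandled failure. pipefail makes a failing stage inside a
# pipeline count as a failure as well (the env|grep diagnostics below are the
# only pipeline and are already guarded with || true).
set -e
set -o pipefail
echo "🔐 Loading secrets..."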
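# Function to load secret from file if *_FILE env var is set
# This is a fallback for environments where Docker Secrets are not configured
# The Framework's DockerSecretsResolver handles *_FILE pattern automatically
#
# Usage: load_secret_fallback VAR_NAME
#   Exports VAR_NAME with the contents of the regular file named by
#   VAR_NAME_FILE (trailing newlines stripped, as with the original $(cat ...)).
#   Does nothing when VAR_NAME_FILE is unset, when VAR_NAME already has a
#   value (the environment wins), or when the file does not exist. An
#   existing but unreadable file is reported on stderr and VAR_NAME is left
#   unset for the framework, instead of exporting an empty string as the secret.
# Returns: 0, or 1 when VAR_NAME is not a valid shell identifier.
load_secret_fallback() {
  local var_name="$1"
  local file_var="${var_name}_FILE"
  local secret_path
  local secret_value

  # ${!...} on a malformed name is a fatal expansion error in bash; check first.
  if [[ ! "$var_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    echo "❌ load_secret_fallback: invalid variable name '${var_name}'" >&2
    return 1
  fi
  secret_path="${!file_var:-}"

  # Only load manually if *_FILE is set but Framework hasn't loaded it yet
  # (This is mainly for backward compatibility during migration)
  [[ -n "$secret_path" && -z "${!var_name:-}" && -f "$secret_path" ]] || return 0

  # Read first, export only what was actually read: with the original
  # export VAR="$(cat ...)" a failing cat still exported "" and printed ✅,
  # because the exit status of the export builtin masks the substitution.
  if ! secret_value="$(cat -- "$secret_path")"; then
    echo "⚠️ Could not read ${file_var}=${secret_path}; leaving ${var_name} unset" >&2
    return 0
  fi
  export "${var_name}=${secret_value}"
  echo "✅ Loaded $var_name from ${secret_path} (fallback)"
}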
# Load secrets as fallback (Framework handles *_FILE pattern automatically via DockerSecretsResolver)
# This is mainly for backward compatibility during migration
# Each variable below is tried in turn; its *_FILE companion (e.g.
# DB_PASSWORD_FILE) is only read when the variable itself is still empty.
for secret_name in \
  DB_PASSWORD \
  REDIS_PASSWORD \
  APP_KEY \
  VAULT_ENCRYPTION_KEY \
  SHOPIFY_WEBHOOK_SECRET \
  RAPIDMAIL_PASSWORD \
  GIT_TOKEN; do
  load_secret_fallback "$secret_name"
done
echo "✅ Secrets loading completed (Framework handles *_FILE pattern automatically)"
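# Git Clone/Pull functionality
#
# When GIT_REPOSITORY_URL is set, the tree under /var/www/html is replaced by
# a fresh checkout of GIT_BRANCH (default: main) on first start and reset to
# the latest commit of that branch on later starts. Without it the code baked
# into the image is served. The storage/ directory is never removed because
# it may be a volume mount.
#
# Credentials (GIT_TOKEN, or GIT_USERNAME + GIT_PASSWORD) are inserted into
# the https URL only for the individual clone/fetch command; the URL stored
# in .git/config of the served tree is always the credential-free one.
# NOTE(review): the secret is still visible in the argv of that git process
# while it runs, and git's own error output may echo the URL on failure.
if [ -n "$GIT_REPOSITORY_URL" ]; then
  echo ""
  echo "📥 Cloning/Pulling code from Git repository..."
  GIT_BRANCH="${GIT_BRANCH:-main}"
  GIT_TARGET_DIR="/var/www/html"

  # A branch name starting with '-' would be taken as an option by the git
  # commands below; refuse it rather than pass it on.
  if [[ "$GIT_BRANCH" == -* ]]; then
    echo "❌ Invalid GIT_BRANCH '${GIT_BRANCH}'" >&2
    exit 1
  fi

  # Setup Git credentials if provided.
  # Built with parameter expansion rather than sed, so a token containing sed
  # metacharacters ('|', '&', '\') cannot corrupt the URL. As before, only an
  # https:// URL gets the userinfo prefix; values containing '@', ':' or '/'
  # are expected to be percent-encoded by whoever sets them.
  auth_prefix=""
  if [ -n "$GIT_TOKEN" ]; then
    # Use token for HTTPS authentication
    auth_prefix="${GIT_TOKEN}@"
  elif [ -n "$GIT_USERNAME" ] && [ -n "$GIT_PASSWORD" ]; then
    auth_prefix="${GIT_USERNAME}:${GIT_PASSWORD}@"
  fi
  if [ -n "$auth_prefix" ] && [[ "$GIT_REPOSITORY_URL" == https://* ]]; then
    GIT_URL_WITH_AUTH="https://${auth_prefix}${GIT_REPOSITORY_URL#https://}"
  else
    GIT_URL_WITH_AUTH="$GIT_REPOSITORY_URL"
  fi

  # Clone or pull repository
  if [ ! -d "$GIT_TARGET_DIR/.git" ]; then
    echo "📥 Cloning repository from $GIT_REPOSITORY_URL (branch: $GIT_BRANCH)..."
    # Clone into a temporary directory first. The existing tree (from the
    # image build) is cleaned only after the clone succeeded, so that a failed
    # clone really does fall back to the image contents (the old pre-clone
    # wipe deleted them before the clone was even attempted).
    TEMP_CLONE="${GIT_TARGET_DIR}.tmp"
    rm -rf "$TEMP_CLONE" 2>/dev/null || true
    if git clone --branch "$GIT_BRANCH" --depth 1 "$GIT_URL_WITH_AUTH" "$TEMP_CLONE"; then
      # git records the clone URL verbatim in .git/config; strip the
      # credentials before the checkout is moved into the served tree.
      git -C "$TEMP_CLONE" remote set-url origin "$GIT_REPOSITORY_URL" \
        || echo "⚠️ Could not reset origin URL; credentials may remain in .git/config" >&2
      # Remove only files/dirs that are not storage (which might be a volume mount)
      if [ "$(ls -A "$GIT_TARGET_DIR" 2>/dev/null)" ]; then
        echo "🗑️ Cleaning existing files (preserving storage)..."
        find "$GIT_TARGET_DIR" -mindepth 1 -maxdepth 1 ! -name "storage" -exec rm -rf -- {} + 2>/dev/null || true
      fi
      # Move contents from temp directory to target (preserving storage).
      # dotglob so dotfiles (.env, .htaccess, ...) are moved too; nullglob so
      # an empty clone does not leave a literal '*' entry.
      shopt -s dotglob nullglob
      for entry in "$TEMP_CLONE"/*; do
        entry_name="${entry##*/}"
        if [ "$entry_name" = "storage" ] && [ -d "$GIT_TARGET_DIR/storage" ]; then
          # mv would nest the repository copy as storage/storage inside the mount
          echo "ℹ️ Keeping existing storage/ (copy from repository skipped)"
          continue
        fi
        mv -- "$entry" "$GIT_TARGET_DIR/" 2>/dev/null \
          || echo "⚠️ Could not move ${entry_name} into ${GIT_TARGET_DIR}" >&2
      done
      shopt -u dotglob nullglob
      rm -rf "$TEMP_CLONE" 2>/dev/null || true
      echo "✅ Repository cloned successfully"
    else
      echo "❌ Git clone failed. Falling back to image contents."
      rm -rf "$TEMP_CLONE" 2>/dev/null || true
    fi
  else
    echo "🔄 Pulling latest changes from $GIT_BRANCH..."
    cd "$GIT_TARGET_DIR"
    # Keep .git/config credential-free (this also scrubs a URL that an earlier
    # version of this script stored with the token in it) and hand the
    # authenticated URL to the fetch itself. The explicit refspec updates the
    # same origin/<branch> ref that 'git fetch origin <branch>' would.
    git remote set-url origin "$GIT_REPOSITORY_URL" 2>/dev/null || true
    # Fetch and reset to latest
    git fetch "$GIT_URL_WITH_AUTH" "+refs/heads/${GIT_BRANCH}:refs/remotes/origin/${GIT_BRANCH}" || {
      echo "⚠️ Git fetch failed. Using existing code."
    }
    git reset --hard "origin/$GIT_BRANCH" || {
      echo "⚠️ Git reset failed. Using existing code."
    }
    # -fd removes untracked but not ignored files, so storage/ survives this
    # only if it is gitignored — TODO confirm against the repository's .gitignore
    git clean -fd || true
  fi

  # Install/update dependencies if composer.json exists
  if [ -f "$GIT_TARGET_DIR/composer.json" ]; then
    echo "📦 Installing/updating Composer dependencies..."
    cd "$GIT_TARGET_DIR"
    # --no-scripts: composer itself executes nothing from the freshly fetched
    # tree here. Runs as root; a committed composer.lock presumably pins what
    # gets installed, otherwise this resolves at container start.
    composer install --no-dev --optimize-autoloader --no-interaction --no-scripts || {
      echo "⚠️ Composer install failed. Continuing..."
    }
    # Regenerate the optimized class map. Unlike the install above this is not
    # run with --no-scripts, so the repository's post-autoload-dump scripts do
    # fire here — keep that in mind when reviewing what the branch may contain.
    composer dump-autoload --optimize --classmap-authoritative || true
  fi
  echo "✅ Git sync completed"
else
  echo ""
  echo " GIT_REPOSITORY_URL not set, using code from image"
fi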
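echo ""
echo "📊 Environment variables:"
# Diagnostic dump of DB_/APP_ settings for the container log. Any line whose
# name or value mentions a credential-like word is dropped; PASS and TOKEN
# widen the original PASSWORD/KEY/SECRET filter (e.g. APP_TOKEN, DB_PASSWD).
env | grep -E "DB_|APP_" | grep -Ev "(PASS|KEY|SECRET|TOKEN)" || true
echo ""
echo "🛠️ Adjusting filesystem permissions..."
# Best effort (errors hidden): both paths may be absent when neither the
# image nor the checkout ships them.
chown -R www-data:www-data /var/www/html/storage /var/www/html/bootstrap/cache 2>/dev/null || true
find /var/www/html/storage /var/www/html/bootstrap/cache -type d -exec chmod 775 {} + 2>/dev/null || true
find /var/www/html/storage /var/www/html/bootstrap/cache -type f -exec chmod 664 {} + 2>/dev/null || true
# Start PHP-FPM in background (inherits all environment variables).
# -F keeps php-fpm from daemonizing so that $! is the real master PID
# regardless of what the pool configuration says.
echo ""
echo "🚀 Starting PHP-FPM..."
php-fpm -F &
FPM_PID=$!
# Give PHP-FPM a moment to bind its socket, then refuse to put nginx in front
# of a master that has already died (bad config, address in use, ...) —
# previously nginx started regardless and every request would 502.
sleep 2
if ! kill -0 "$FPM_PID" 2>/dev/null; then
  echo "❌ PHP-FPM exited during startup" >&2
  exit 1
fi
# Start nginx in foreground (inherits all environment variables).
# NOTE(review): exec turns this shell into nginx, so php-fpm ends up as a
# child of nginx and does not itself receive the container's SIGTERM; it is
# presumably only torn down when the runtime kills the remaining processes.
echo "🚀 Starting nginx..."
exec nginx -g 'daemon off;'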