fix: Gitea Traefik routing and connection pool optimization
- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00

#!/bin/bash
# Don't use 'set -e' globally - we'll handle errors explicitly for critical operations
# This allows non-critical operations (like permission changes) to fail without crashing the container
# Startup banner: records the command the container was asked to run, the working
# directory and the effective user, so a log line is enough to tell how it was launched.
printf '==========================================\n'
printf '🚀 Container Entrypoint Starting\n'
printf '==========================================\n'
printf 'Command: %s\n' "$*"
printf 'Working directory: %s\n' "$(pwd)"
printf 'User: %s\n' "$(whoami)"
printf '\n'
# Function to load secret from file if *_FILE env var is set
# This is a fallback for environments where Docker Secrets are not configured
# The Framework's DockerSecretsResolver handles *_FILE pattern automatically
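#######################################
# Load a secret from the file named by <VAR>_FILE into <VAR> (exported), but only
# when <VAR> is still empty. Backward-compatibility shim for environments where the
# Framework's DockerSecretsResolver has not handled the *_FILE pattern yet.
# Arguments: $1 - variable name, must be a plain shell identifier
# Outputs:   one status line on stdout (path only, never the secret value)
# Returns:   0 when nothing had to be done or the value was loaded,
#            1 for an invalid name or an unreadable secret file
#######################################
load_secret_fallback() {
  local var_name="$1"
  local file_var="${var_name}_FILE"
  local secret_file
  # The name is used in an indirect expansion and in `export`; anything that is not
  # an identifier would be interpreted by the shell, so reject it up front.
  case "$var_name" in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "⚠️ Ignoring invalid secret variable name: $var_name" >&2
      return 1
      ;;
  esac
  secret_file="${!file_var}"
  # Only load manually if *_FILE is set but Framework hasn't loaded it yet
  if [ -n "$secret_file" ] && [ -f "$secret_file" ] && [ -z "${!var_name}" ]; then
    # Previously an unreadable file made `cat` fail, exported an empty value and still
    # reported success; surface the problem instead of starting with an empty secret.
    if [ ! -r "$secret_file" ]; then
      echo "⚠️ Secret file $secret_file for $var_name is not readable" >&2
      return 1
    fi
    # $(<file) strips trailing newlines, which secret files commonly carry.
    export "$var_name=$(<"$secret_file")"
    echo "✅ Loaded $var_name from $secret_file (fallback)"
  fi
  return 0
}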
# Fallback loading for the secrets this image knows about. The Framework's
# DockerSecretsResolver handles the *_FILE pattern itself; this loop only matters
# during the migration period and is a no-op once the variables are already set.
FALLBACK_SECRET_VARS=(
  DB_PASSWORD
  REDIS_PASSWORD
  APP_KEY
  VAULT_ENCRYPTION_KEY
  SHOPIFY_WEBHOOK_SECRET
  RAPIDMAIL_PASSWORD
  GIT_TOKEN
)
for secret_var in "${FALLBACK_SECRET_VARS[@]}"; do
  load_secret_fallback "$secret_var"
done
echo "✅ Secrets loading completed (Framework handles *_FILE pattern automatically)"
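# Git Clone/Pull functionality
# With GIT_REPOSITORY_URL set, /var/www/html is replaced by a shallow clone of $GIT_BRANCH on
# the first start and hard-reset to origin/$GIT_BRANCH on later starts; without it the code
# baked into the image is used. The top-level "storage" entry is never removed because it may
# be a volume mount.
#
# Credentials (GIT_TOKEN, or GIT_USERNAME + GIT_PASSWORD) are handed to git through a
# GIT_ASKPASS helper instead of being spliced into the URL with sed. A URL-embedded secret
# shows up in the argv of `git clone` (/proc, `ps`), is persisted in .git/config as
# remote.origin.url and appears in git's error output; the sed substitution also broke on
# tokens containing '|', '&' or '\'. The helper reads its answers from the environment, so
# no secret is written to disk.
# NOTE(review): GIT_TOKEN / GIT_PASSWORD themselves stay in the environment and are inherited
# by PHP-FPM and nginx further down; unset them here if nothing else in the image needs them.
if [ -n "$GIT_REPOSITORY_URL" ]; then
  echo ""
  echo "📥 Cloning/Pulling code from Git repository..."
  GIT_BRANCH="${GIT_BRANCH:-main}"
  GIT_TARGET_DIR="/var/www/html"
  GIT_ASKPASS_HELPER=""
  GIT_AUTH_USERNAME=""
  GIT_AUTH_PASSWORD=""
  # Setup Git credentials if provided. A token is presented as the username with an empty
  # password, which is exactly what the former "https://<token>@host" URL form conveyed.
  # NOTE(review): confirm the git server accepts that mapping; some expect the token as password.
  if [ -n "$GIT_TOKEN" ]; then
    GIT_AUTH_USERNAME="$GIT_TOKEN"
  elif [ -n "$GIT_USERNAME" ] && [ -n "$GIT_PASSWORD" ]; then
    GIT_AUTH_USERNAME="$GIT_USERNAME"
    GIT_AUTH_PASSWORD="$GIT_PASSWORD"
  fi
  if [ -n "$GIT_AUTH_USERNAME" ]; then
    if GIT_ASKPASS_HELPER="$(mktemp)"; then
      # git runs the helper once per prompt with the prompt text as $1.
      cat >"$GIT_ASKPASS_HELPER" <<'EOF'
#!/bin/sh
case "$1" in
  Username*) printf '%s\n' "$GIT_AUTH_USERNAME" ;;
  *)         printf '%s\n' "$GIT_AUTH_PASSWORD" ;;
esac
EOF
      chmod 700 "$GIT_ASKPASS_HELPER"
      export GIT_AUTH_USERNAME GIT_AUTH_PASSWORD
      # GIT_TERMINAL_PROMPT=0 makes a rejected credential fail fast instead of waiting for a tty.
      export GIT_ASKPASS="$GIT_ASKPASS_HELPER" GIT_TERMINAL_PROMPT=0
    else
      echo "⚠️ Could not create Git credential helper, trying without authentication"
      GIT_ASKPASS_HELPER=""
    fi
  fi
  # Clone or pull repository
  if [ ! -d "$GIT_TARGET_DIR/.git" ]; then
    echo "📥 Cloning repository from $GIT_REPOSITORY_URL (branch: $GIT_BRANCH)..."
    # Clone into a sibling temp dir and replace the image contents only after the clone
    # succeeded. (The previous version wiped the target before cloning, so a failed clone
    # left an empty /var/www/html while announcing "Falling back to image contents".)
    TEMP_CLONE="${GIT_TARGET_DIR}.tmp"
    rm -rf -- "${TEMP_CLONE:?}" 2>/dev/null || true
    if git clone --branch "$GIT_BRANCH" --depth 1 -- "$GIT_REPOSITORY_URL" "$TEMP_CLONE"; then
      echo "🗑️ Cleaning existing files (preserving storage)..."
      find "${GIT_TARGET_DIR:?}" -mindepth 1 -maxdepth 1 ! -name "storage" -exec rm -rf -- {} \; 2>/dev/null || true
      # Move the clone into place. A "storage" entry from the repository is only moved when the
      # target has none: `mv` would otherwise nest it inside the existing (volume) directory.
      find "$TEMP_CLONE" -mindepth 1 -maxdepth 1 ! -name "storage" -exec mv -- {} "$GIT_TARGET_DIR/" \; 2>/dev/null || true
      if [ -e "$TEMP_CLONE/storage" ] && [ ! -e "$GIT_TARGET_DIR/storage" ]; then
        mv -- "$TEMP_CLONE/storage" "$GIT_TARGET_DIR/" 2>/dev/null || true
      fi
      rm -rf -- "${TEMP_CLONE:?}" 2>/dev/null || true
      echo "✅ Repository cloned successfully"
    else
      echo "❌ Git clone failed. Falling back to image contents."
      rm -rf -- "${TEMP_CLONE:?}" 2>/dev/null || true
    fi
  else
    echo "🔄 Pulling latest changes from $GIT_BRANCH..."
    # Fetch and reset to latest; on failure whatever is checked out stays in use.
    git -C "$GIT_TARGET_DIR" fetch origin "$GIT_BRANCH" || {
      echo "⚠️ Git fetch failed. Using existing code."
    }
    git -C "$GIT_TARGET_DIR" reset --hard "origin/$GIT_BRANCH" || {
      echo "⚠️ Git reset failed. Using existing code."
    }
    # -e storage: an untracked storage directory (volume, uploads) must survive the cleanup,
    # matching what the clone path preserves.
    git -C "$GIT_TARGET_DIR" clean -fd -e storage || true
  fi
  # The helper is no longer needed; remove it and keep the credential values out of the
  # environment that PHP-FPM and nginx inherit later in this script.
  if [ -n "$GIT_ASKPASS_HELPER" ]; then
    rm -f -- "$GIT_ASKPASS_HELPER"
  fi
  unset GIT_ASKPASS GIT_TERMINAL_PROMPT GIT_AUTH_USERNAME GIT_AUTH_PASSWORD GIT_ASKPASS_HELPER
  # Install/update dependencies if composer.json exists
  if [ -f "$GIT_TARGET_DIR/composer.json" ]; then
    echo "📦 Installing/updating Composer dependencies..."
    if cd "$GIT_TARGET_DIR"; then
      # --no-scripts: do not execute scripts declared in the just-fetched composer.json at
      # container start; only the autoloader is (re)built below.
      composer install --no-dev --optimize-autoloader --no-interaction --no-scripts || {
        echo "⚠️ Composer install failed. Continuing..."
      }
      composer dump-autoload --optimize --classmap-authoritative || true
    else
      echo "⚠️ Cannot enter $GIT_TARGET_DIR, skipping Composer install"
    fi
  fi
  echo "✅ Git sync completed"
else
  echo ""
  echo " GIT_REPOSITORY_URL not set, using code from image"
fi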
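echo ""
echo "📊 Environment variables:"
#######################################
# Print the DB_/APP_ configuration for diagnostics without leaking credentials into the
# container log. Besides the obvious PASSWORD/KEY/SECRET names, tokens and connection
# strings (DSN-style values can embed a password) are excluded; the filter looks at the
# whole NAME=value line, so a value containing one of the words is dropped as well.
# Outputs: matching lines on stdout; never fails (an empty match is not an error)
#######################################
print_safe_env() {
  env | grep -E "DB_|APP_" | grep -Ev "(PASSWORD|KEY|SECRET|TOKEN|DSN|CREDENTIAL)" || true
}
print_safe_env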
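echo ""
echo "📂 Checking application directory structure..."
# The application root is mandatory; every later step assumes it exists.
if [ ! -d "/var/www/html" ]; then
  echo "❌ ERROR: /var/www/html does not exist!"
  exit 1
fi
echo "✅ /var/www/html exists"
# Count the entries (dotfiles included). The old `ls -la | head -5 | wc -l` counted the
# "total" line and was capped at 5, so it never reported the real number.
echo " Contents: $(ls -A /var/www/html 2>/dev/null | wc -l | tr -d ' ') items"
if [ -f "/var/www/html/composer.json" ]; then
  echo "✅ composer.json found"
else
  echo "⚠️ Warning: composer.json not found in /var/www/html"
fi
# Either a public/ front controller or a bare index.php counts as the entry point.
if [ -f "/var/www/html/public/index.php" ] || [ -f "/var/www/html/index.php" ]; then
  echo "✅ Application entry point found"
else
  echo "⚠️ Warning: Application entry point (index.php) not found"
fi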
echo ""
echo "🛠️ Adjusting filesystem permissions..."
# Best effort: the writable trees may be volume mounts where chown/chmod fail, and that
# must not abort startup. Target state is www-data ownership, 775 directories, 664 files.
WRITABLE_PATHS=(/var/www/html/storage /var/www/html/bootstrap/cache)
chown -R www-data:www-data "${WRITABLE_PATHS[@]}" 2>/dev/null \
  || echo "⚠️ Warning: Failed to change ownership of storage/cache directories (may be volume mounts)"
find "${WRITABLE_PATHS[@]}" -type d -exec chmod 775 {} \; 2>/dev/null \
  || echo "⚠️ Warning: Failed to set directory permissions"
find "${WRITABLE_PATHS[@]}" -type f -exec chmod 664 {} \; 2>/dev/null \
  || echo "⚠️ Warning: Failed to set file permissions"
# Verify required directories exist; missing ones are created best-effort
# (a failed mkdir is reported but does not stop the container).
echo ""
echo "📁 Verifying required directories..."
REQUIRED_DIRS=(
  "/var/www/html"
  "/var/www/html/storage"
  "/var/www/html/bootstrap"
  "/var/www/html/bootstrap/cache"
)
for required_dir in "${REQUIRED_DIRS[@]}"; do
  [ -d "$required_dir" ] && continue
  echo "⚠️ Warning: Required directory $required_dir does not exist, creating..."
  mkdir -p "$required_dir" 2>/dev/null || echo "❌ Failed to create $required_dir"
done
# Start PHP-FPM in background (inherits all environment variables)
echo ""
echo "🚀 Starting PHP-FPM..."
# Without the binary nginx alone would only ever answer 502, so fail the start.
if ! command -v php-fpm >/dev/null 2>&1; then
  echo "❌ ERROR: php-fpm command not found!"
  exit 1
fi
php-fpm &
PHP_FPM_PID=$!

# Returns 0 when a PHP-FPM listener is visible: one of the two usual unix sockets or
# TCP :9000 according to netstat (a missing netstat simply counts as "not listening").
php_fpm_listening() {
  [ -S /var/run/php/php-fpm.sock ] && return 0
  [ -S /run/php/php-fpm.sock ] && return 0
  netstat -tuln 2>/dev/null | grep -q ":9000"
}

# Prints a one-line description of the listener found, for the status report.
php_fpm_socket_info() {
  if [ -S /var/run/php/php-fpm.sock ]; then
    echo "/var/run/php/php-fpm.sock (exists)"
  elif [ -S /run/php/php-fpm.sock ]; then
    echo "/run/php/php-fpm.sock (exists)"
  elif netstat -tuln 2>/dev/null | grep -q ":9000"; then
    echo "TCP port 9000 (listening)"
  else
    echo "Not found (may be using different configuration)"
  fi
}

# Poll up to MAX_WAIT seconds: an early exit of the process is fatal, a listener that
# never appears is only a warning.
echo "⏳ Waiting for PHP-FPM to start..."
MAX_WAIT=10
WAIT_COUNT=0
while [ "$WAIT_COUNT" -lt "$MAX_WAIT" ]; do
  if ! kill -0 "$PHP_FPM_PID" 2>/dev/null; then
    echo "❌ ERROR: PHP-FPM process died immediately after startup!"
    exit 1
  fi
  if php_fpm_listening; then
    echo "✅ PHP-FPM is running (PID: $PHP_FPM_PID)"
    break
  fi
  sleep 1
  WAIT_COUNT=$((WAIT_COUNT + 1))
done
if [ "$WAIT_COUNT" -ge "$MAX_WAIT" ]; then
  echo "⚠️ Warning: PHP-FPM may not be fully ready after ${MAX_WAIT}s, but continuing..."
  echo " This may indicate a configuration issue. Check PHP-FPM logs if problems occur."
fi

# Log PHP-FPM status
# NOTE(review): nothing watches PHP_FPM_PID after this point; if PHP-FPM exits later the
# container keeps running with nginx only. A supervisor or a `wait -n` loop would surface that.
echo ""
echo "📋 PHP-FPM Status:"
if kill -0 "$PHP_FPM_PID" 2>/dev/null; then
  echo " Process: Running (PID: $PHP_FPM_PID)"
  echo " Socket: $(php_fpm_socket_info)"
else
  echo " Process: Not running (PID check failed)"
fi
# nginx must exist and its configuration must validate before it replaces this shell.
if ! command -v nginx >/dev/null 2>&1; then
  echo "❌ ERROR: nginx command not found!"
  exit 1
fi
echo ""
echo "🔍 Testing nginx configuration..."
nginx -t 2>&1 || {
  echo "❌ ERROR: nginx configuration test failed!"
  exit 1
}
# Start nginx in foreground (inherits all environment variables). `exec` hands this PID to
# nginx, so the container's stop signal reaches nginx directly; the shell, and any trap it
# could have set, no longer exists after this line.
echo ""
echo "🚀 Starting nginx..."
echo "=========================================="
echo "✅ All startup checks passed"
echo "🚀 Services starting..."
echo "=========================================="
exec nginx -g 'daemon off;'