87 lines
2.5 KiB
Bash
Executable File
87 lines
2.5 KiB
Bash
Executable File
#!/bin/bash
|
|
# inject-secrets.sh
|
|
# Writes GitLab CI File type variables to the secrets directory
|
|
# for K8s-style secret mounting in Docker Compose
|
|
#
|
|
# GitLab File variables provide the PATH to a temporary file containing the secret.
|
|
# This script copies those files to the expected secrets/app/ location.
|
|
#
|
|
# Required GitLab CI/CD Variables (File type):
|
|
# - POSTGRES_PASSWORD
|
|
# - AUTH0_CLIENT_SECRET
|
|
# - GOOGLE_MAPS_API_KEY
|
|
# - GOOGLE_MAPS_MAP_ID
|
|
# - CF_DNS_API_TOKEN (Cloudflare DNS API token for Let's Encrypt certificates)
|
|
#
|
|
# Required GitLab CI/CD Variables (Variable type):
|
|
# - DEPLOY_PATH
|
|
|
|
set -euo pipefail
|
|
|
|
# Configuration
|
|
DEPLOY_PATH="${DEPLOY_PATH:-/opt/motovaultpro}"
|
|
SECRETS_DIR="${DEPLOY_PATH}/secrets/app"
|
|
|
|
echo "Injecting secrets..."
|
|
echo " Deploy path: $DEPLOY_PATH"
|
|
echo " Secrets dir: $SECRETS_DIR"
|
|
|
|
# Clean up any incorrectly created directories and create secrets directory
|
|
if [ -e "$SECRETS_DIR" ] && [ ! -d "$SECRETS_DIR" ]; then
|
|
echo " Removing invalid secrets path..."
|
|
rm -rf "$SECRETS_DIR"
|
|
fi
|
|
mkdir -p "$SECRETS_DIR"
|
|
chmod 700 "$SECRETS_DIR"
|
|
|
|
# Function to inject a secret
|
|
inject_secret() {
|
|
local var_name="$1"
|
|
local file_name="$2"
|
|
local target_path="${SECRETS_DIR}/${file_name}"
|
|
|
|
# GitLab File variables contain the PATH to a temp file
|
|
local source_path="${!var_name:-}"
|
|
|
|
if [ -z "$source_path" ]; then
|
|
echo " ERROR: Variable $var_name is not set"
|
|
return 1
|
|
fi
|
|
|
|
if [ ! -f "$source_path" ]; then
|
|
echo " ERROR: File not found for $var_name at $source_path"
|
|
return 1
|
|
fi
|
|
|
|
# Remove if exists as directory (cleanup from bad previous runs)
|
|
if [ -d "$target_path" ]; then
|
|
rm -rf "$target_path"
|
|
fi
|
|
|
|
# Copy the secret file (644 so container users can read)
|
|
cp "$source_path" "$target_path"
|
|
chmod 644 "$target_path"
|
|
echo " OK: $file_name"
|
|
}
|
|
|
|
# Inject all secrets
|
|
FAILED=0
|
|
|
|
inject_secret "POSTGRES_PASSWORD" "postgres-password.txt" || FAILED=1
|
|
inject_secret "AUTH0_CLIENT_SECRET" "auth0-client-secret.txt" || FAILED=1
|
|
inject_secret "GOOGLE_MAPS_API_KEY" "google-maps-api-key.txt" || FAILED=1
|
|
inject_secret "GOOGLE_MAPS_MAP_ID" "google-maps-map-id.txt" || FAILED=1
|
|
inject_secret "CF_DNS_API_TOKEN" "cloudflare-dns-token.txt" || FAILED=1
|
|
|
|
if [ $FAILED -eq 1 ]; then
|
|
echo ""
|
|
echo "ERROR: One or more secrets failed to inject"
|
|
echo "Ensure all required CI/CD variables are configured as File type in GitLab"
|
|
exit 1
|
|
fi
|
|
|
|
echo ""
|
|
echo "Secrets injected successfully"
|
|
echo "Files created in $SECRETS_DIR:"
|
|
ls -la "$SECRETS_DIR"
|