planka/server/start.sh

#!/bin/bash

set -eu

# Load secrets from files if needed. Only the first line, not including the \n,
# is loaded.
if [[ -z "${SECRET_KEY:-}" && -e "${SECRET_KEY__FILE:-}" ]]; then
  read SECRET_KEY <"${SECRET_KEY__FILE}"
  export SECRET_KEY
fi
if [[ -z "${SMTP_PASSWORD:-}" && -e "${SMTP_PASSWORD__FILE:-}" ]]; then
  read SMTP_PASSWORD <"${SMTP_PASSWORD__FILE}"
  export SMTP_PASSWORD
fi
if [[ -z "${DATABASE_PASSWORD:-}" && -e "${DATABASE_PASSWORD__FILE:-}" ]]; then
  read DATABASE_PASSWORD <"${DATABASE_PASSWORD__FILE}"
  # No need to export DATABASE_PASSWORD, it is only used below.
fi
# Replace the exact "${DATABASE_PASSWORD}" string in the DATABASE_URL
# environment variable with the contents of DATABASE_PASSWORD.
if [[ -n "${DATABASE_PASSWORD:-}" && -n "${DATABASE_URL}" ]]; then
  export DATABASE_URL="${DATABASE_URL/\$\{DATABASE_PASSWORD\}/${DATABASE_PASSWORD}}"
fi

export NODE_ENV=production

node db/init.js
exec node app.js --prod
Add start script for Docker image, pre-commit lint check, package.json scripts cleanup 2020-04-24 21:44:54 +05:00			`#!/bin/bash`
feat: Support loading passwords from docker secrets Docker secrets are exposed as files in `/run/secrets/` inside the container instead of as environment variables. To support deployments where the passwords are stored in secrets, this patch adds support for loading the `SMTP_PASSWORD`, `SECRET_KEY` and the database password from files, using the `__FILE` suffix convention found in many docker images. The database password is part of the `DATABASE_URL` environment variable, if a password is used at all. To support injecting the password into the DATABASE_URL without having to use the whole URL as the secret, the `start.sh` replaces the string `${DATABASE_PASSWORD}` in the `DATABASE_URL` environment variable by the contents of the `DATABASE_PASSWORD` variable, which can now also be loaded from the corresponding file passed in `DATABASE_PASSWORD__FILE`. These changes are backwards compatible since they only load the `__FILE` suffix version if the original variable was not set the `__FILE` one is set. Added comments in docker-compose.yml with examples for discoverability of the feature. Tested this on top of 2.0.0-rc.2. 2025-05-15 19:58:40 +09:00
			`set -eu`

			`# Load secrets from files if needed. Only the first line, not including the \n,`
			`# is loaded.`
			`if [[ -z "${SECRET_KEY:-}" && -e "${SECRET_KEY__FILE:-}" ]]; then`
			`read SECRET_KEY <"${SECRET_KEY__FILE}"`
			`export SECRET_KEY`
			`fi`
			`if [[ -z "${SMTP_PASSWORD:-}" && -e "${SMTP_PASSWORD__FILE:-}" ]]; then`
			`read SMTP_PASSWORD <"${SMTP_PASSWORD__FILE}"`
			`export SMTP_PASSWORD`
			`fi`
			`if [[ -z "${DATABASE_PASSWORD:-}" && -e "${DATABASE_PASSWORD__FILE:-}" ]]; then`
			`read DATABASE_PASSWORD <"${DATABASE_PASSWORD__FILE}"`
			`# No need to export DATABASE_PASSWORD, it is only used below.`
			`fi`
			`# Replace the exact "${DATABASE_PASSWORD}" string in the DATABASE_URL`
			`# environment variable with the contents of DATABASE_PASSWORD.`
			`if [[ -n "${DATABASE_PASSWORD:-}" && -n "${DATABASE_URL}" ]]; then`
			`export DATABASE_URL="${DATABASE_URL/\$\{DATABASE_PASSWORD\}/${DATABASE_PASSWORD}}"`
			`fi`

			`export NODE_ENV=production`

			`node db/init.js`
			`exec node app.js --prod`