mirror of https://github.com/plankanban/planka.git synced 2025-08-03 20:45:27 +02:00

fix: Read secret files without requiring trailing newline

Closes #1222, closes #1272
Maksim Eltyshev 2025-07-30 13:51:24 +02:00
parent c272a65015
commit a37a6b45b1


@ -2,46 +2,34 @@
set -eu
# Load secrets from files if *__FILE variables are provided.
# Only the first line of each file is read (newline excluded).
# Load secrets from files if corresponding *__FILE environment variables are set.
# Only the first line of each file is read (stripping carriage returns and newlines).
read_secret() {
local file="$1"
head -n 1 "$file" | tr -d '\r\n'
}
load_secret() {
local envar="$1"
local file="${envar}__FILE"
if [[ -z "${!envar:-}" && -e "${!file:-}" ]]; then
export "$envar"="$(read_secret "${!file}")"
fi
}
# DATABASE_PASSWORD (used to dynamically inject into DATABASE_URL)
if [[ -n "${DATABASE_URL}" ]]; then
if [[ -z "${DATABASE_PASSWORD:-}" && -e "${DATABASE_PASSWORD__FILE:-}" ]]; then
read DATABASE_PASSWORD < "${DATABASE_PASSWORD__FILE}"
DATABASE_PASSWORD="$(read_secret "${DATABASE_PASSWORD__FILE}")"
export DATABASE_URL="${DATABASE_URL/\$\{DATABASE_PASSWORD\}/${DATABASE_PASSWORD}}"
fi
fi
# SECRET_KEY
if [[ -z "${SECRET_KEY:-}" && -e "${SECRET_KEY__FILE:-}" ]]; then
read SECRET_KEY < "${SECRET_KEY__FILE}"
export SECRET_KEY
fi
# DEFAULT_ADMIN_PASSWORD
if [[ -z "${DEFAULT_ADMIN_PASSWORD:-}" && -e "${DEFAULT_ADMIN_PASSWORD__FILE:-}" ]]; then
read DEFAULT_ADMIN_PASSWORD < "${DEFAULT_ADMIN_PASSWORD__FILE}"
export DEFAULT_ADMIN_PASSWORD
fi
# S3_SECRET_ACCESS_KEY
if [[ -z "${S3_SECRET_ACCESS_KEY:-}" && -e "${S3_SECRET_ACCESS_KEY__FILE:-}" ]]; then
read S3_SECRET_ACCESS_KEY < "${S3_SECRET_ACCESS_KEY__FILE}"
export S3_SECRET_ACCESS_KEY
fi
# OIDC_CLIENT_SECRET
if [[ -z "${OIDC_CLIENT_SECRET:-}" && -e "${OIDC_CLIENT_SECRET__FILE:-}" ]]; then
read OIDC_CLIENT_SECRET < "${OIDC_CLIENT_SECRET__FILE}"
export OIDC_CLIENT_SECRET
fi
# SMTP_PASSWORD
if [[ -z "${SMTP_PASSWORD:-}" && -e "${SMTP_PASSWORD__FILE:-}" ]]; then
read SMTP_PASSWORD < "${SMTP_PASSWORD__FILE}"
export SMTP_PASSWORD
fi
load_secret SECRET_KEY
load_secret DEFAULT_ADMIN_PASSWORD
load_secret S3_SECRET_ACCESS_KEY
load_secret OIDC_CLIENT_SECRET
load_secret SMTP_PASSWORD
export NODE_ENV=production
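Review bot: `read_secret` and `load_secret` let a failed read become an empty secret: the `-e` test also passes for a directory or an unreadable file, `head`'s failure is hidden by the pipe into `tr` (no `pipefail` is set), and `export "$envar"="$(…)"` discards the substitution's status, so `set -e` never fires. The removed `read VAR < file` form stopped startup in that situation, because a failed redirection or read is a failed command under `set -e`. I would make `read_secret` return non-zero when the path is not a readable regular file and separate the assignment from the `export` in `load_secret`, so a mis-mounted secret halts the entrypoint instead of exporting an empty `SECRET_KEY` or password; the `DATABASE_PASSWORD` line then aborts as well, since a plain assignment keeps the substitution's status. Whether the application itself rejects an empty value cannot be seen from this hunk.

```shell
read_secret() {
  local file="$1"
  # Fail loudly instead of yielding an empty secret (path only, never the value).
  if [[ ! -f "$file" || ! -r "$file" ]]; then
    echo "Cannot read secret file: $file" >&2
    return 1
  fi
  head -n 1 "$file" | tr -d '\r\n'
}

load_secret() {
  # … unchanged: envar / file locals and the [[ -z … && -e … ]] test …
    local value
    # Plain assignment keeps read_secret's exit status, so set -e can abort.
    value="$(read_secret "${!file}")"
    export "$envar=$value"
  # … unchanged: fi …
}
```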