mirror of
https://github.com/invoiceninja/dockerfiles.git
synced 2025-12-31 19:47:25 +01:00
Support docker secrets via _FILE
This commit is contained in:
Holger Lösken
committed by
Samuel Laulhau
Samuel Laulhau
parent
6b25f47ba1
commit
8245a57117
@@ -10,7 +10,7 @@ LABEL maintainer="Samuel Laulhau <sam@lalop.co>, Holger Lösken <holger.loesken@
|
||||
ARG INVOICENINJA_VERSION
|
||||
WORKDIR /var/www/app
|
||||
|
||||
COPY ./alpine/entrypoint.sh /usr/local/bin/docker-entrypoint
|
||||
COPY entrypoint.sh /usr/local/bin/docker-entrypoint
|
||||
RUN chmod +x /usr/local/bin/docker-entrypoint
|
||||
|
||||
RUN set -eux; \
|
||||
|
||||
@@ -31,13 +31,14 @@ RUN npm install
|
||||
# Prepare php image
|
||||
FROM php:${PHP_VERSION}-fpm-alpine
|
||||
ARG INVOICENINJA_VERSION
|
||||
ENV INVOICENINJA_VERSION=$INVOICENINJA_VERSION
|
||||
|
||||
LABEL maintainer="Samuel Laulhau <sam@lalop.co>, Holger Lösken <holger.loesken@codedge.de>"
|
||||
|
||||
WORKDIR /var/www/app
|
||||
|
||||
COPY --from=frontend /var/www/app /var/www/app
|
||||
COPY ./alpine/entrypoint_v5.sh /usr/local/bin/docker-entrypoint
|
||||
COPY entrypoint.sh /usr/local/bin/docker-entrypoint
|
||||
RUN chmod +x /usr/local/bin/docker-entrypoint
|
||||
|
||||
RUN set -eux; \
|
||||
@@ -90,8 +91,5 @@ RUN composer install --no-dev --no-suggest --no-progress
|
||||
ENV APP_ENV production
|
||||
ENV LOG errorlog
|
||||
|
||||
# Use to be mounted into nginx
|
||||
VOLUME /var/www/app/public
|
||||
|
||||
ENTRYPOINT ["docker-entrypoint"]
|
||||
CMD ["php-fpm"]
|
||||
@@ -1,76 +0,0 @@
|
||||
#!/usr/bin/env sh
|
||||
set -e
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
|
||||
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
mysql_error "Both $var and $fileVar are set (but are exclusive)"
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
# first arg is `-f` or `--some-option`
|
||||
if [ "${1#-}" != "$1" ]; then
|
||||
set -- php-fpm "$@"
|
||||
fi
|
||||
|
||||
|
||||
if [ ! -d /var/www/app/storage ]; then
|
||||
cp -Rp /var/www/app/docker-backup-storage /var/www/app/storage
|
||||
else
|
||||
IN_STORAGE_BACKUP="$(ls /var/www/app/docker-backup-storage/)"
|
||||
for path in $IN_STORAGE_BACKUP; do
|
||||
if [ ! -e "/var/www/app/storage/$path" ]; then
|
||||
cp -Rp "/var/www/app/docker-backup-storage/$path" "/var/www/app/storage/"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if [ ! -d /var/www/app/public/logo ]; then
|
||||
cp -Rp /var/www/app/docker-backup-public/logo /var/www/app/public/logo
|
||||
else
|
||||
IN_LOGO_BACKUP="$(ls /var/www/app/docker-backup-public/logo/)"
|
||||
for path in $IN_LOGO_BACKUP; do
|
||||
if [ ! -e "/var/www/app/public/logo/$path" ]; then
|
||||
cp -Rp "/var/www/app/docker-backup-public/logo/$path" "/var/www/app/public/logo/"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
# compare public volume version with image version
|
||||
if [ ! -e /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
|
||||
cp -au /var/www/app/docker-backup-public/* /var/www/app/public/
|
||||
echo $INVOICENINJA_VERSION > /var/www/app/public/version
|
||||
fi
|
||||
|
||||
# Set permission for mounted directories
|
||||
chown invoiceninja:www-data /var/www/app/storage
|
||||
chown invoiceninja:www-data /var/www/app/public
|
||||
|
||||
# Initialize values that might be stored in a file
|
||||
file_env 'APP_KEY'
|
||||
file_env 'API_SECRET'
|
||||
file_env 'CLOUDFLARE_API_KEY'
|
||||
file_env 'DB_USERNAME'
|
||||
file_env 'DB_PASSWORD'
|
||||
file_env 'MAIL_USERNAME'
|
||||
file_env 'MAIL_PASSWORD'
|
||||
file_env 'MAILGUN_SECRET'
|
||||
file_env 'S3_KEY'
|
||||
file_env 'S3_SECRET'
|
||||
|
||||
|
||||
exec docker-php-entrypoint "$@"
|
||||
@@ -1,50 +0,0 @@
|
||||
#!/usr/bin/env sh
|
||||
set -e
|
||||
|
||||
# first arg is `-f` or `--some-option`
|
||||
if [ "${1#-}" != "$1" ]; then
|
||||
set -- php-fpm "$@"
|
||||
fi
|
||||
|
||||
BAK_STORAGE_PATH=/var/www/app/docker-backup-storage/
|
||||
BAK_LOGO_PATH=/var/www/app/docker-backup-public/logo/
|
||||
|
||||
if [ ! -d /var/www/app/storage ]; then
|
||||
cp -Rp $BAK_STORAGE_PATH /var/www/app/storage
|
||||
else
|
||||
if [ -d $BAK_STORAGE_PATH ]; then
|
||||
IN_STORAGE_BACKUP="$(ls $BAK_STORAGE_PATH)"
|
||||
for path in $IN_STORAGE_BACKUP; do
|
||||
if [ ! -e "/var/www/app/storage/$path" ]; then
|
||||
cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -d /var/www/app/public/logo ] && [ -d $BAK_LOGO_PATH ]; then
|
||||
cp -Rp $BAK_LOGO_PATH /var/www/app/public/logo
|
||||
else
|
||||
if [ -d $BAK_LOGO_PATH ]; then
|
||||
IN_LOGO_BACKUP="$(ls $BAK_LOGO_PATH)"
|
||||
for path in $IN_LOGO_BACKUP; do
|
||||
if [ ! -e "/var/www/app/public/logo/$path" ]; then
|
||||
cp -Rp "$BAK_LOGO_PATH/$path" "/var/www/app/public/logo/"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
# compare public volume version with image version
|
||||
if [ ! -e /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
|
||||
cp -au /var/www/app/docker-backup-public/* /var/www/app/public/
|
||||
echo $INVOICENINJA_VERSION > /var/www/app/public/version
|
||||
fi
|
||||
|
||||
# Set permission for mounted directories
|
||||
chown invoiceninja:www-data /var/www/app/storage
|
||||
chown invoiceninja:www-data /var/www/app/public
|
||||
|
||||
php artisan optimize
|
||||
|
||||
exec docker-php-entrypoint "$@"
|
||||
@@ -1,4 +1,4 @@
|
||||
version: '3.6'
|
||||
version: '3.7'
|
||||
|
||||
services:
|
||||
server:
|
||||
@@ -32,7 +32,7 @@ services:
|
||||
restart: always
|
||||
environment:
|
||||
- APP_URL=https://localhost
|
||||
- APP_KEY=base64:G+jZ7pXdRYf4RHGklA1rstbDzEoZKM2ybv4y7VUeyHE=
|
||||
- APP_KEY=<INSERT THE GENERATED APPLICATION KEY HERE>
|
||||
- MULTI_DB_ENABLED=false
|
||||
- DB_HOST1=db
|
||||
volumes:
|
||||
|
||||
110
entrypoint.sh
Executable file
110
entrypoint.sh
Executable file
@@ -0,0 +1,110 @@
|
||||
#!/usr/bin/env sh
|
||||
set -e
|
||||
|
||||
# logging functions
|
||||
in_log() {
|
||||
local type="$1"; shift
|
||||
printf '%s [%s] [Entrypoint]: %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$type" "$*"
|
||||
}
|
||||
|
||||
in_error() {
|
||||
in_log ERROR "$@" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Indirect expansion (ie) is not supported in bourne shell. That's why we are using this clunkiness here.
|
||||
ie_gv() {
|
||||
local line name value
|
||||
set | \
|
||||
while read line; do
|
||||
name=${line%=*} value=${line#*=\'}
|
||||
if [ "$name" = "$1" ]; then
|
||||
echo ${value%\'}
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
|
||||
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "$(ie_gv ${var})" != "" ] && [ "$(ie_gv ${fileVar})" != "" ]; then
|
||||
in_error "Both $var and $fileVar are set (but are exclusive)"
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
if [ "$(ie_gv ${var})" != "" ]; then
|
||||
val=$(ie_gv ${var})
|
||||
elif [ "$(ie_gv ${fileVar})" != "" ]; then
|
||||
val=`cat $(ie_gv ${fileVar})`
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
# first arg is `-f` or `--some-option`
|
||||
if [ "${1#-}" != "$1" ]; then
|
||||
set -- php-fpm "$@"
|
||||
fi
|
||||
|
||||
BAK_STORAGE_PATH=/var/www/app/docker-backup-storage/
|
||||
BAK_LOGO_PATH=/var/www/app/docker-backup-public/logo/
|
||||
|
||||
if [ ! -d /var/www/app/storage ]; then
|
||||
cp -Rp $BAK_STORAGE_PATH /var/www/app/storage
|
||||
else
|
||||
if [ -d $BAK_STORAGE_PATH ]; then
|
||||
IN_STORAGE_BACKUP="$(ls $BAK_STORAGE_PATH)"
|
||||
for path in $IN_STORAGE_BACKUP; do
|
||||
if [ ! -e "/var/www/app/storage/$path" ]; then
|
||||
cp -Rp "$BAK_STORAGE_PATH/$path" "/var/www/app/storage/"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -d /var/www/app/public/logo ] && [ -d $BAK_LOGO_PATH ]; then
|
||||
cp -Rp $BAK_LOGO_PATH /var/www/app/public/logo
|
||||
else
|
||||
if [ -d $BAK_LOGO_PATH ]; then
|
||||
IN_LOGO_BACKUP="$(ls $BAK_LOGO_PATH)"
|
||||
for path in $IN_LOGO_BACKUP; do
|
||||
if [ ! -e "/var/www/app/public/logo/$path" ]; then
|
||||
cp -Rp "$BAK_LOGO_PATH/$path" "/var/www/app/public/logo/"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
# compare public volume version with image version
|
||||
if [ ! -e /var/www/app/public/version ] || [ "$INVOICENINJA_VERSION" != "$(cat /var/www/app/public/version)" ]; then
|
||||
cp -au /var/www/app/docker-backup-public/* /var/www/app/public/
|
||||
echo $INVOICENINJA_VERSION > /var/www/app/public/version
|
||||
fi
|
||||
|
||||
# Set permission for mounted directories
|
||||
chown invoiceninja:www-data /var/www/app/storage
|
||||
chown invoiceninja:www-data /var/www/app/public
|
||||
|
||||
# Initialize values that might be stored in a file
|
||||
file_env 'APP_KEY'
|
||||
file_env 'API_SECRET'
|
||||
file_env 'CLOUDFLARE_API_KEY'
|
||||
file_env 'DB_USERNAME'
|
||||
file_env 'DB_PASSWORD'
|
||||
file_env 'MAIL_USERNAME'
|
||||
file_env 'MAIL_PASSWORD'
|
||||
file_env 'MAILGUN_SECRET'
|
||||
file_env 'S3_KEY'
|
||||
file_env 'S3_SECRET'
|
||||
|
||||
# Run Laravel stuff
|
||||
php artisan optimize
|
||||
|
||||
exec docker-php-entrypoint "$@"
|
||||
Reference in New Issue
Block a user