generate bucket.env

Author: ro0NL

Makefile

@@ -24,7 +24,7 @@ update:
 update-recipes:
 	${composer} symfony:sync-recipes --force
 shell:
-	${exec} $${SERVICE:-app} sh
+	${exec} $${SERVICE:-app} sh -c "if [ -f /run/secrets/env_bucket ]; then set -a && . /run/secrets/env_bucket; fi; sh"
 mysql:
 	${exec} $${SERVICE:-db} sh -c "mysql -u \$${MYSQL_USER} -p\$${MYSQL_PASSWORD} \$${MYSQL_DATABASE}"
 

README.md

@@ -196,14 +196,19 @@ devops/bin/json.sh -f devops/environment/dev/secrets/bucket.json '{"SOME_SECRET"
 
 # read value
 value=$(devops/bin/json.sh -r devops/environment/dev/secrets/bucket.json SOME_SECRET)
+
+# export .env file
+devops/bin/json.sh -e devops/environment/dev/secrets/bucket.json devops/environment/dev/secrets/bucket.env
 ```
 
-The [OpenSSL] binary is available at:
+The [OpenSSL] binary is available using:
 
 ```bash
 devops/bin/openssl.sh genrsa ...
 ```
 
+ℹ️ The environment variables from `bucket.env` are sourced as real environment variables on start-up
+
 # Create Application
 
 Bootstrap the initial skeleton first:

devops/bin/json.sh

@@ -2,13 +2,19 @@
 
 force=0; [ "$1" = -f ] && shift && force=1
 read=0; [ "$1" = -r ] && shift && read=1
+export=0; [ "$1" = -e ] && shift && export=1
 file=${1:?}
 json=${2:?}
 
 php="docker run --init -i --rm -v $(pwd):/app -w /app -u $(id -u):$(id -g) composer php"
 source='{}'; [ -f "${file}" ] && source=$(cat "${file}")
 old=$(printf '%s' "${source}" | ${php} -r "var_export(json_decode(trim(file_get_contents('php://stdin')), true, 512, JSON_THROW_ON_ERROR));")
 
+if [ ${export} -eq 1 ]; then
+    ${php} -r "foreach (array_map('escapeshellarg', array_filter(${old}, 'is_string')) as \$k => \$v) { echo \"{\$k}={\$v}\n\"; }" > "${json}"
+    exit $?
+fi
+
 if [ ${read} -eq 1 ]; then
     printf '%s' "${json}" | ${php} -r "echo (${old})[file_get_contents('php://stdin')] ?? '';"
     exit $?

devops/environment/base/docker-compose.yaml

@@ -15,7 +15,8 @@ services:
     build:
       <<: *base
       target: "app-${STAGING_ENV:?}"
-    secrets: [json_bucket]
+    secrets: [json_bucket, env_bucket]
+    command: [sh, -c, "set -a && . /run/secrets/env_bucket && php-fpm"]
 
   web:
     build:
@@ -26,3 +27,5 @@ services:
 secrets:
   json_bucket:
     file: ./secrets/bucket.json
+  env_bucket:
+    file: ./secrets/bucket.env

devops/environment/base/setup.sh

@@ -40,4 +40,7 @@ cd "../${staging_env}/secrets"
 ${json} bucket.json "{\"APP_SECRET\": \"$(${openssl} rand -hex 16)\"}"
 [ $? -ne 0 ] && cd - && exit 1
 
+${json} -e bucket.json bucket.env
+[ $? -ne 0 ] && cd - && exit 1
+
 cd - >/dev/null