From 8a1421117fd9ebf4804db2dc2635a0154de08bbe Mon Sep 17 00:00:00 2001
From: pedro <git2021@cas.cat>
Date: Fri, 2 Feb 2024 19:36:57 +0100
Subject: [PATCH] deployment for early pilots (first on test pilot)

- includes idhub entrypoint relevant refactor
- prepare env vars for test pilot
---
 .env.example                   |  5 +-
 docker-compose__pilot-test.yml |  3 +-
 docker/idhub.entrypoint.sh     | 98 +++++++++++++++++++++-------------
 3 files changed, 67 insertions(+), 39 deletions(-)

diff --git a/.env.example b/.env.example
index 47a3257..f61fb93 100644
--- a/.env.example
+++ b/.env.example
@@ -9,7 +9,7 @@
 MUSICIAN_SECRET_KEY='changeme_v9&&N$Lt9t*5EGwm0w'
 # specially useful if you want to deploy in a specific domain
 MUSICIAN_API_BASE_URL='https://orchestra.example.org'
-MUSICIAN_ALLOWED_HOSTS='musician.example.org'
+MUSICIAN_ALLOWED_HOSTS='127.0.0.1,localhost,musician.example.org'
 MUSICIAN_DOMAIN='musician.example.org'
 
 # DEVICEHUB
@@ -93,6 +93,9 @@ IDHUB_EMAIL='admin@example.org'
 #   by default it is set to 'y' to facilitate idhub dev when outside docker
 IDHUB_SYNC_ORG_DEV='n'
 
+IDHUB_PILOT_TEST__IDHUB_DEPLOYMENT='PILOTS_EARLY'
+IDHUB_PILOT_TEST__ADMIN_EMAIL='idhub_admin@pangea.org'
+
 # AUTHENTIK aka goauthentik
 ####
 
diff --git a/docker-compose__pilot-test.yml b/docker-compose__pilot-test.yml
index 844d343..53e1c26 100644
--- a/docker-compose__pilot-test.yml
+++ b/docker-compose__pilot-test.yml
@@ -5,7 +5,8 @@ services:
     init: true
     image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
     environment:
-      - DEPLOYMENT=${IDHUB_DEPLOYMENT}
+      - DEPLOYMENT=${IDHUB_PILOT_TEST__IDHUB_DEPLOYMENT}
+      - ADMIN_EMAIL=${IDHUB_PILOT_TEST__ADMIN_EMAIL}
       - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
       - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
       - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
diff --git a/docker/idhub.entrypoint.sh b/docker/idhub.entrypoint.sh
index 3d26545..09658af 100755
--- a/docker/idhub.entrypoint.sh
+++ b/docker/idhub.entrypoint.sh
@@ -4,6 +4,64 @@ set -e
 set -u
 set -x
 
+
+usage() {
+                cat <<END
+ERROR: you need to map your idhub git repo volume to docker, suggested volume mapping is:
+
+    volumes:
+      - ./IdHub:/opt/idhub
+END
+                exit 1
+}
+
+inject_env_vars() {
+        # related https://www.kenmuse.com/blog/avoiding-dubious-ownership-in-dev-containers/
+        git config --global --add safe.directory "${idhub_dir}"
+        export GIT_COMMIT="$(git log --pretty=format:'%h' -n 1)"
+
+        # enable dev flags when DEVELOPMENT deployment
+        case "${DEPLOYMENT}" in
+                DEVELOPMENT)
+                        export DEBUG=True
+                        export DEVELOPMENT=True
+                        ;;
+                PILOTS_EARLY)
+                        export DEBUG=True
+                        export DEVELOPMENT=False
+                        ;;
+        esac
+}
+
+deployment_strategy() {
+        # detect if existing deployment (TODO only works with sqlite)
+        if [ -f "${idhub_dir}/db.sqlite3" ]; then
+                echo "INFO: detected EXISTING deployment"
+                ./manage.py makemigrations
+                ./manage.py migrate
+        else
+                # move the migrate thing in docker entrypoint
+                #   inspired by https://medium.com/analytics-vidhya/django-with-docker-and-docker-compose-python-part-2-8415976470cc
+                echo "INFO detected NEW deployment"
+                ./manage.py migrate
+
+                case "${DEPLOYMENT}" in
+                        DEVELOPMENT|PILOTS_EARLY)
+                                printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n  creating initial Datas\n" >&2
+                                ./manage.py initial_datas
+
+                                if [ "${RESPONSE_URI:-}" ]; then
+                                        config_oidc4vp
+                                fi
+                                ;;
+                        PROD)
+                        printf "creating superuser \n  user: ${DJANGO_SUPERUSER_USERNAME}\n  password: ${DJANGO_SUPERUSER_PASSWORD}\n  email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
+                        ## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533
+                        ./manage.py createsuperuser --no-input
+                esac
+        fi
+}
+
 _set() {
         key="${1}"
         value="${2}"
@@ -45,46 +103,12 @@ main() {
         cd "${idhub_dir}"
 
         if [ ! -f "./manage.py" ]; then
-                cat <<END
-ERROR: you need to map your idhub git repo volume to docker, suggested volume mapping is:
-
-    volumes:
-      - ./IdHub:/opt/idhub
-END
-
-                exit 1
+                usage
         fi
 
-        # detect if existing deployment (TODO only works with sqlite)
-        if [ -f "${idhub_dir}/db.sqlite3" ]; then
-                echo "INFO: detected EXISTING deployment"
-                ./manage.py makemigrations
-                ./manage.py migrate
-        else
-                # move the migrate thing in docker entrypoint
-                #   inspired by https://medium.com/analytics-vidhya/django-with-docker-and-docker-compose-python-part-2-8415976470cc
-                echo "INFO detected NEW deployment"
-                ./manage.py migrate
+        deployment_strategy
 
-                if [ "${DEPLOYMENT}" = 'DEVELOPMENT' ]; then
-                        printf "This is DEVELOPMENT DEPLOYMENT: including demo hardcoded data\n  creating initial Datas\n" >&2
-                        ./manage.py initial_datas
-
-                        if [ "${RESPONSE_URI:-}" ]; then
-                                config_oidc4vp
-                        fi
-                else
-                        printf "creating superuser \n  user: ${DJANGO_SUPERUSER_USERNAME}\n  password: ${DJANGO_SUPERUSER_PASSWORD}\n  email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
-                        ## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533
-                        ./manage.py createsuperuser --no-input
-                fi
-        fi
-
-        # enable dev flags when DEVELOPMENT deployment
-        if [ "${DEPLOYMENT}" = 'DEVELOPMENT' ]; then
-                export DEBUG=True
-                export DEVELOPMENT=True
-        fi
+        inject_env_vars
 
         #./manage.py collectstatic