This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
idhub-docker/docker/idhub.entrypoint.sh
pedro 35b8a294a4 deployment for early pilots (first on test pilot)
- includes idhub entrypoint relevant refactor
- prepare env vars for test pilot
2024-02-02 19:43:36 +01:00

119 lines
4.2 KiB
Bash
Executable file

#!/bin/sh
set -e
set -u
set -x
usage() {
cat <<END
ERROR: you need to map your idhub git repo volume to docker, suggested volume mapping is:
volumes:
- ./IdHub:/opt/idhub
END
exit 1
}
inject_env_vars() {
# related https://www.kenmuse.com/blog/avoiding-dubious-ownership-in-dev-containers/
git config --global --add safe.directory "${idhub_dir}"
export GIT_COMMIT="$(git log --pretty=format:'%h' -n 1)"
# enable dev flags when DEVELOPMENT deployment
case "${DEPLOYMENT}" in
DEVELOPMENT)
export DEBUG=True
export DEVELOPMENT=True
;;
PILOTS_EARLY)
export DEBUG=True
export DEVELOPMENT=False
;;
esac
}
deployment_strategy() {
# detect if existing deployment (TODO only works with sqlite)
if [ -f "${idhub_dir}/db.sqlite3" ]; then
echo "INFO: detected EXISTING deployment"
./manage.py makemigrations
./manage.py migrate
else
# move the migrate thing in docker entrypoint
# inspired by https://medium.com/analytics-vidhya/django-with-docker-and-docker-compose-python-part-2-8415976470cc
echo "INFO detected NEW deployment"
./manage.py migrate
case "${DEPLOYMENT}" in
DEVELOPMENT|PILOTS_EARLY)
printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
./manage.py initial_datas
if [ "${RESPONSE_URI:-}" ]; then
config_oidc4vp
fi
;;
PROD)
printf "creating superuser \n user: ${DJANGO_SUPERUSER_USERNAME}\n password: ${DJANGO_SUPERUSER_PASSWORD}\n email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533
./manage.py createsuperuser --no-input
esac
fi
}
_set() {
key="${1}"
value="${2}"
response_uri="${3}"
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
}
_get() {
sqlite3 -json db.sqlite3 "select * from oidc4vp_organization;"
}
config_oidc4vp() {
# populate your config
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
data="$(_get)"
echo "${data}" | jq --arg uri "${RESPONSE_URI}" '{ ($uri): .}' > /sharedsecret/${file}
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
sleep 2
# get other configs
for host in /sharedsecret/*; do
# we are flexible on querying for RESPONSE_URI: the first one based on regex
target_uri="$(cat "${host}" | jq -r 'keys[0]')"
if [ "${target_uri}" != "${RESPONSE_URI}" ]; then
filtered_data="$(cat "${host}" | jq --arg uri "${RESPONSE_URI}" 'first(.[][] | select(.response_uri | test ($uri)))')"
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
_set my_client_id ${client_id} ${target_uri}
_set my_client_secret ${client_secret} ${target_uri}
fi
done
}
main() {
idhub_dir='/opt/idhub'
cd "${idhub_dir}"
if [ ! -f "./manage.py" ]; then
usage
fi
deployment_strategy
inject_env_vars
#./manage.py collectstatic
./manage.py runserver 0.0.0.0:${PORT}
}
main "${@}"