generated from coulomb/repo-seed
tegwick
3e29bc964d
Introduce Dockerfile, entrypoint, and k8s/railiance manifests for the ArgoCD GitOps pilot (ISSUE-WP-0003). Rename the Gitea PyPI build arg to GITEA_PYPI_INDEX_URL so pip still resolves dependencies from PyPI.
31 lines
1.1 KiB
Bash
31 lines
1.1 KiB
Bash
#!/bin/sh
|
|
# Render issue-core backends.json from environment, then start the API.
|
|
#
|
|
# The backend structure (host/owner/repo/default) is non-secret and supplied
|
|
# via the BACKENDS_TEMPLATE env (a ConfigMap), with the Gitea token injected
|
|
# from GITEA_BACKEND_TOKEN (an ExternalSecret-materialized Secret). The token
|
|
# is never baked into the image or committed to Git.
|
|
set -eu
|
|
|
|
CONFIG_DIR="${HOME}/.config/issue-tracker"
|
|
mkdir -p "${CONFIG_DIR}"
|
|
|
|
: "${BACKENDS_TEMPLATE:?BACKENDS_TEMPLATE env is required}"
|
|
|
|
# Substitute the token placeholder using python (always present in the image)
|
|
# to avoid shell-escaping issues with the secret value.
|
|
GITEA_BACKEND_TOKEN="${GITEA_BACKEND_TOKEN:-}" \
|
|
BACKENDS_TEMPLATE="${BACKENDS_TEMPLATE}" \
|
|
python - "${CONFIG_DIR}/backends.json" <<'PY'
|
|
import json, os, sys
|
|
tmpl = json.loads(os.environ["BACKENDS_TEMPLATE"])
|
|
token = os.environ.get("GITEA_BACKEND_TOKEN", "")
|
|
for cfg in tmpl.values():
|
|
if isinstance(cfg, dict) and cfg.get("token") == "__FROM_ENV__":
|
|
cfg["token"] = token
|
|
with open(sys.argv[1], "w") as fh:
|
|
json.dump(tmpl, fh, indent=2)
|
|
PY
|
|
|
|
exec issue serve --host 0.0.0.0 --port 8765 --log-level "${LOG_LEVEL:-info}"
|