Kiu/Semaphore
Kiu/Semaphore
1
0
Fork 0
mirror of https://github.com/semaphoreui/semaphore.git synced 2025-01-20 15:29:28 +01:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #1056 from vaerh/develop

Browse Source 
Using docker secrets to pass sensitive information via "_FILE" variables.
This commit is contained in:
Denis Gukov 2022-10-25 17:45:36 +05:00 committed by GitHub
commit dea5a0fb8a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
deployment/docker/common/semaphore-wrapper
View File

@ -4,6 +4,26 @@ set -e
echoerr() { printf "%s\n" "$*" >&2; }
file_env() {
local var=""
local fileVar=""
eval var="\$${1}"
eval fileVar="\$${1}_FILE"
local def="${2:-}"
if [ -n "${var:-}" ] && [ -n "${fileVar:-}" ]; then
echo >&2 "error: both ${1} and ${1}_FILE are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ -n "${var:-}" ]; then
val="${var}"
elif [ -n "${fileVar:-}" ]; then
val="$(cat "${fileVar}")"
fi
export "${1}"="$val"
unset "${1}_FILE"
}
SEMAPHORE_CONFIG_PATH="${SEMAPHORE_CONFIG_PATH:-/etc/semaphore}"
SEMAPHORE_TMP_PATH="${SEMAPHORE_TMP_PATH:-/tmp/semaphore}"
@ -13,22 +33,22 @@ SEMAPHORE_DB_HOST="${SEMAPHORE_DB_HOST:-0.0.0.0}"
SEMAPHORE_DB_PATH="${SEMAPHORE_DB_PATH:-/var/lib/semaphore}"
SEMAPHORE_DB_PORT="${SEMAPHORE_DB_PORT:-}"
SEMAPHORE_DB="${SEMAPHORE_DB:-semaphore}"
SEMAPHORE_DB_USER="${SEMAPHORE_DB_USER:-semaphore}"
SEMAPHORE_DB_PASS="${SEMAPHORE_DB_PASS:-semaphore}"
file_env 'SEMAPHORE_DB_USER' 'semaphore'
file_env 'SEMAPHORE_DB_PASS' 'semaphore'
# Email alert env config
SEMAPHORE_WEB_ROOT="${SEMAPHORE_WEB_ROOT:-}"
# Semaphore Admin env config
SEMAPHORE_ADMIN="${SEMAPHORE_ADMIN:-admin}"
file_env 'SEMAPHORE_ADMIN' 'admin'
SEMAPHORE_ADMIN_EMAIL="${SEMAPHORE_ADMIN_EMAIL:-admin@localhost}"
SEMAPHORE_ADMIN_NAME="${SEMAPHORE_ADMIN_NAME:-Semaphore Admin}"
SEMAPHORE_ADMIN_PASSWORD="${SEMAPHORE_ADMIN_PASSWORD:-semaphorepassword}"
file_env 'SEMAPHORE_ADMIN_PASSWORD' 'semaphorepassword'
#Semaphore LDAP env config
SEMAPHORE_LDAP_ACTIVATED="${SEMAPHORE_LDAP_ACTIVATED:-no}"
SEMAPHORE_LDAP_HOST="${SEMAPHORE_LDAP_HOST:-}"
SEMAPHORE_LDAP_PORT="${SEMAPHORE_LDAP_PORT:-}"
SEMAPHORE_LDAP_NEEDTLS="${SEMAPHORE_LDAP_NEEDTLS:-no}"
SEMAPHORE_LDAP_DN_BIND="${SEMAPHORE_LDAP_DN_BIND:-}"
SEMAPHORE_LDAP_PASSWORD="${SEMAPHORE_LDAP_PASSWORD:-}"
file_env 'SEMAPHORE_LDAP_PASSWORD'
SEMAPHORE_LDAP_DN_SEARCH="${SEMAPHORE_LDAP_DN_SEARCH:-}"
SEMAPHORE_LDAP_SEARCH_FILTER="${SEMAPHORE_LDAP_SEARCH_FILTER:-(uid=%s)}"
SEMAPHORE_LDAP_MAPPING_DN="${SEMAPHORE_LDAP_MAPPING_DN:-dn}"
@ -36,7 +56,7 @@ SEMAPHORE_LDAP_MAPPING_USERNAME="${SEMAPHORE_LDAP_MAPPING_USERNAME:-uid}"
SEMAPHORE_LDAP_MAPPING_FULLNAME="${SEMAPHORE_LDAP_MAPPING_FULLNAME:-cn}"
SEMAPHORE_LDAP_MAPPING_EMAIL="${SEMAPHORE_LDAP_MAPPING_EMAIL:-mail}"
export SEMAPHORE_ACCESS_KEY_ENCRYPTION="${SEMAPHORE_ACCESS_KEY_ENCRYPTION:-cFcXI5qHzCDqtS4xCnblOACuNu5AmKHkvxK7abwR8Eg=}"
file_env 'SEMAPHORE_ACCESS_KEY_ENCRYPTION' 'cFcXI5qHzCDqtS4xCnblOACuNu5AmKHkvxK7abwR8Eg='
[ -d "${SEMAPHORE_TMP_PATH}" ] || mkdir -p "${SEMAPHORE_TMP_PATH}" || {
echo "Can't create Semaphore tmp path ${SEMAPHORE_TMP_PATH}."