IAM/iam-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(deploy): add docker

Browse Source
This commit is contained in:
shay7sev
2026-02-11 16:31:27 +08:00
parent 3b3ce5572f
commit ed6bef8039
6 changed files with 216 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
deploy/validate-env.sh Executable file
View File

@@ -0,0 +1,85 @@
#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
ENV_FILE="${ROOT_DIR}/.env"
DATA_DIR="${ROOT_DIR}/data"
if [[ ! -f "${ENV_FILE}" ]]; then
echo "Missing .env: ${ENV_FILE}"
exit 1
fi
require_key() {
local key="$1"
if ! grep -Eq "^[[:space:]]*${key}=" "${ENV_FILE}"; then
echo "Missing required env var in .env: ${key}"
exit 1
fi
}
require_key "DATABASE_URL"
require_key "REDIS_URL"
require_key "JWT_SECRET"
require_key "AUTH_CODE_JWT_SECRET"
if grep -Eq "^[[:space:]]*PORT=" "${ENV_FILE}"; then
port="$(grep -E "^[[:space:]]*PORT=" "${ENV_FILE}" | tail -n 1 | cut -d= -f2- | tr -d '\r' | tr -d '"')"
if [[ -n "${port}" && ! "${port}" =~ ^[0-9]+$ ]]; then
echo "PORT must be a number in .env (got: ${port})"
exit 1
fi
fi
if [[ "${DEPLOY_TARGET:-}" == "docker" ]]; then
redis_url="$(grep -E "^[[:space:]]*REDIS_URL=" "${ENV_FILE}" | tail -n 1 | cut -d= -f2- | tr -d '\r')"
if [[ "${redis_url}" == redis://localhost* || "${redis_url}" == redis://127.0.0.1* ]]; then
echo "REDIS_URL cannot use localhost/127.0.0.1 for docker deployment: ${redis_url}"
exit 1
fi
db_url="$(grep -E "^[[:space:]]*DATABASE_URL=" "${ENV_FILE}" | tail -n 1 | cut -d= -f2- | tr -d '\r')"
if [[ "${db_url}" == *://localhost* || "${db_url}" == *://127.0.0.1* ]]; then
echo "DATABASE_URL cannot use localhost/127.0.0.1 for docker deployment: ${db_url}"
exit 1
fi
fi
if [[ ! -f "${DATA_DIR}/jwt_private_key.pem" ]]; then
echo "Missing key file: ${DATA_DIR}/jwt_private_key.pem"
exit 1
fi
if [[ ! -f "${DATA_DIR}/jwt_public_key.pem" ]]; then
echo "Missing key file: ${DATA_DIR}/jwt_public_key.pem"
exit 1
fi
if [[ ! -s "${DATA_DIR}/jwt_private_key.pem" ]]; then
echo "Empty key file: ${DATA_DIR}/jwt_private_key.pem"
exit 1
fi
if [[ ! -s "${DATA_DIR}/jwt_public_key.pem" ]]; then
echo "Empty key file: ${DATA_DIR}/jwt_public_key.pem"
exit 1
fi
if grep -Eq "^[[:space:]]*JWT_PRIVATE_KEY_PEM=" "${ENV_FILE}" || grep -Eq "^[[:space:]]*JWT_PUBLIC_KEY_PEM=" "${ENV_FILE}"; then
env_priv="$(grep -E "^[[:space:]]*JWT_PRIVATE_KEY_PEM=" "${ENV_FILE}" | tail -n 1 | cut -d= -f2- | tr -d '\r')"
env_pub="$(grep -E "^[[:space:]]*JWT_PUBLIC_KEY_PEM=" "${ENV_FILE}" | tail -n 1 | cut -d= -f2- | tr -d '\r')"
file_priv="$(cat "${DATA_DIR}/jwt_private_key.pem")"
file_pub="$(cat "${DATA_DIR}/jwt_public_key.pem")"
if [[ -n "${env_priv}" && "${env_priv}" != "${file_priv}" ]]; then
echo "JWT_PRIVATE_KEY_PEM in .env does not match data/jwt_private_key.pem"
exit 1
fi
if [[ -n "${env_pub}" && "${env_pub}" != "${file_pub}" ]]; then
echo "JWT_PUBLIC_KEY_PEM in .env does not match data/jwt_public_key.pem"
exit 1
fi
fi
echo "iam-service .env validation OK"