From 703f8814392536d4e6842fe37517e68931708231 Mon Sep 17 00:00:00 2001 From: Bulat Kurbanov Date: Sat, 13 Apr 2024 19:46:50 +0200 Subject: [PATCH] Add vault --- docker/production.dockerfile | 10 ++++++++-- scripts/env.sh | 12 ++++++++++++ scripts/{start_production.sh => start.sh} | 8 +++++--- 3 files changed, 25 insertions(+), 5 deletions(-) create mode 100644 scripts/env.sh rename scripts/{start_production.sh => start.sh} (59%) diff --git a/docker/production.dockerfile b/docker/production.dockerfile index 3f0b6e6..d29105f 100644 --- a/docker/production.dockerfile +++ b/docker/production.dockerfile @@ -12,6 +12,10 @@ RUN poetry export --without-hashes > requirements.txt \ FROM ghcr.io/flibusta-apps/base_docker_images:3.12-postgres-runtime AS runtime-image +RUN apt-get update \ + && apt-get install -y curl jq \ + && rm -rf /var/lib/apt/lists/* + WORKDIR /app ENV VENV_PATH=/opt/venv @@ -19,8 +23,10 @@ ENV PATH="$VENV_PATH/bin:$PATH" COPY --from=build-image $VENV_PATH $VENV_PATH COPY ./fastapi_file_server/ /app/ -COPY ./scripts/* /root/ + +COPY ./scripts/* / +RUN chmod +x /*.sh EXPOSE 8080 -CMD bash /root/start_production.sh +CMD ["/start.sh"] diff --git a/scripts/env.sh b/scripts/env.sh new file mode 100644 index 0000000..d2d61fc --- /dev/null +++ b/scripts/env.sh @@ -0,0 +1,12 @@ +#! /usr/bin/env sh + +response=`curl -X 'GET' "https://$VAULT_HOST/v1/$VAULT_SECRET_PATH" -s \ + -H 'accept: application/json' \ + -H "X-Vault-Token: $VAULT_TOKEN"` + +data=`echo $response | jq -r '.data.data'` + +for key in $(echo "$data" | jq -r 'keys[]'); do + value=$(echo "$data" | jq -r ".\"$key\"") # Corrected syntax + echo "$key"="$value" +done diff --git a/scripts/start_production.sh b/scripts/start.sh similarity index 59% rename from scripts/start_production.sh rename to scripts/start.sh index ab02ff4..c6f334d 100644 --- a/scripts/start_production.sh +++ b/scripts/start.sh @@ -1,6 +1,8 @@ -cd /app +#! /usr/bin/env sh -rm -rf prometheus -mkdir prometheus +export $(/env.sh) + +cd /app +mkdir -p prometheus granian --interface asgi --host 0.0.0.0 --port 8080 --loop uvloop main:app