mirror of https://github.com/docusealco/docuseal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
225 lines
7.3 KiB
225 lines
7.3 KiB
#!/bin/sh -e
|
|
|
|
echo "=== CP Docuseal Staging Startup ==="
|
|
|
|
# Enable jemalloc for reduced memory usage and latency.
|
|
if [ -z "${LD_PRELOAD+x}" ]; then
|
|
LD_PRELOAD=$(find /usr/lib -name libjemalloc.so.2 -print -quit)
|
|
export LD_PRELOAD
|
|
fi
|
|
|
|
check_aws_setup() {
|
|
if [ -z "$AWS_REGION" ]; then
|
|
echo "ERROR: AWS_REGION environment variable is not set"
|
|
exit 1
|
|
fi
|
|
|
|
if ! command -v aws &> /dev/null; then
|
|
echo "ERROR: AWS CLI is not installed. Please install it to proceed."
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Function to fetch secrets from AWS Secrets Manager
|
|
fetch_db_credentials() {
|
|
echo "Fetching database credentials from AWS Secrets Manager..."
|
|
|
|
if [ -z "$DB_SECRETS_NAME" ]; then
|
|
echo "ERROR: DB_SECRETS_NAME environment variable is not set"
|
|
exit 1
|
|
fi
|
|
|
|
# Fetch the secret
|
|
echo "Retrieving secret: $DB_SECRETS_NAME"
|
|
SECRET_JSON=$(aws secretsmanager get-secret-value \
|
|
--region "$AWS_REGION" \
|
|
--secret-id "$DB_SECRETS_NAME" \
|
|
--query SecretString \
|
|
--output text)
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo "ERROR: Failed to retrieve secrets from AWS Secrets Manager"
|
|
exit 1
|
|
fi
|
|
|
|
# Parse JSON and export environment variables
|
|
export DB_USERNAME=$(echo "$SECRET_JSON" | jq -r '.username')
|
|
export DB_PASSWORD=$(echo "$SECRET_JSON" | jq -r '.password')
|
|
|
|
# Validate that we got the credentials
|
|
if [ "$DB_USERNAME" = "null" ] || [ "$DB_PASSWORD" = "null" ] || [ -z "$DB_USERNAME" ] || [ -z "$DB_PASSWORD" ]; then
|
|
echo "ERROR: Failed to parse database credentials from secrets"
|
|
echo "Expected JSON format: {\"username\": \"...\", \"password\": \"...\"}"
|
|
exit 1
|
|
fi
|
|
|
|
# Write credentials to .env.staging file
|
|
echo "Writing database credentials to .env.staging..."
|
|
|
|
# Remove existing DB_USERNAME and DB_PASSWORD lines if they exist
|
|
if [ -f "./.env.staging" ]; then
|
|
echo "Removing existing DB_USERNAME and DB_PASSWORD from .env.staging"
|
|
grep -v "^DB_USERNAME=" ./.env.staging > ./.env.staging.tmp || true
|
|
grep -v "^DB_PASSWORD=" ./.env.staging.tmp > ./.env.staging || true
|
|
rm -f ./.env.staging.tmp
|
|
fi
|
|
|
|
# Append the new credentials
|
|
echo "DB_USERNAME=$DB_USERNAME" >> ./.env.staging
|
|
echo "DB_PASSWORD=$DB_PASSWORD" >> ./.env.staging
|
|
|
|
echo "✓ Database credentials successfully retrieved and written to .env.staging"
|
|
}
|
|
|
|
# Function to fetch encryption key from AWS Secrets Manager and write to config/master.key
|
|
fetch_encryption_key() {
|
|
echo "Fetching encryption key from AWS Secrets Manager..."
|
|
|
|
ENCRYPTION_SECRET_NAME="cpdocuseal/encryption_key"
|
|
if [ -z "$AWS_REGION" ]; then
|
|
echo "ERROR: AWS_REGION environment variable is not set"
|
|
exit 1
|
|
fi
|
|
|
|
# Fetch the secret value (assume it's a plain string, not JSON)
|
|
ENCRYPTION_KEY=$(aws secretsmanager get-secret-value \
|
|
--region "$AWS_REGION" \
|
|
--secret-id "$ENCRYPTION_SECRET_NAME" \
|
|
--query SecretString \
|
|
--output text)
|
|
|
|
if [ $? -ne 0 ] || [ -z "$ENCRYPTION_KEY" ] || [ "$ENCRYPTION_KEY" = "null" ]; then
|
|
echo "ERROR: Failed to retrieve encryption key from AWS Secrets Manager"
|
|
exit 1
|
|
fi
|
|
|
|
# Write the key to config/master.key
|
|
echo -n "$ENCRYPTION_KEY" > config/master.key
|
|
chmod 600 config/master.key
|
|
echo "✓ Encryption key written to config/master.key"
|
|
}
|
|
|
|
fetch_env_variables() {
|
|
echo "Fetching environment variables from AWS Secrets Manager..."
|
|
|
|
if [ -z "$CP_VARIABLES_NAME" ]; then
|
|
echo "ERROR: CP_VARIABLES_NAME environment variable is not set"
|
|
exit 1
|
|
fi
|
|
|
|
# Fetch the secret
|
|
echo "Retrieving secret: $CP_VARIABLES_NAME"
|
|
SECRET_JSON=$(aws secretsmanager get-secret-value \
|
|
--region "$AWS_REGION" \
|
|
--secret-id "$CP_VARIABLES_NAME" \
|
|
--query SecretString \
|
|
--output text)
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo "ERROR: Failed to retrieve secrets from AWS Secrets Manager"
|
|
exit 1
|
|
fi
|
|
|
|
export DB_HOST=$(echo "$SECRET_JSON" | jq -r '.host')
|
|
export REDIS_URL=$(echo "$SECRET_JSON" | jq -r '.redis_url')
|
|
export S3_ATTACHMENTS_BUCKET=$(echo "$SECRET_JSON" | jq -r '.s3_attachments_bucket')
|
|
export DB_SSLCERT=$(echo "$SECRET_JSON" | jq -r '.ssl_cert_location')
|
|
|
|
# Validate that we got the values
|
|
if [ "$DB_HOST" = "null" ] || [ "$REDIS_URL" = "null" ] || [ "$S3_ATTACHMENTS_BUCKET" = "null" ] || [ "$DB_SSLCERT" = "null" ] || [ -z "$DB_HOST" ] || [ -z "$REDIS_URL" ] || [ -z "$S3_ATTACHMENTS_BUCKET" ] || [ -z "$DB_SSLCERT" ]; then
|
|
echo "ERROR: Failed to parse variables from secrets"
|
|
echo "Expected JSON format: {\"key\": \"...\", ...}"
|
|
exit 1
|
|
fi
|
|
|
|
# Write variables to .env.staging file
|
|
echo "Writing environment variables to .env.staging..."
|
|
|
|
# Remove existing DB_HOST, REDIS_URL, and S3_ATTACHMENTS_BUCKET lines if they exist
|
|
if [ -f "./.env.staging" ]; then
|
|
echo "Removing existing variables from .env.staging"
|
|
grep -v "^DB_HOST=" ./.env.staging > ./.env.staging.tmp || true
|
|
grep -v "^REDIS_URL=" ./.env.staging.tmp > ./.env.staging || true
|
|
grep -v "^S3_ATTACHMENTS_BUCKET=" ./.env.staging.tmp > ./.env.staging || true
|
|
grep -v "^DB_SSLCERT=" ./.env.staging.tmp > ./.env.staging || true
|
|
rm -f ./.env.staging.tmp
|
|
fi
|
|
|
|
# Append the new credentials
|
|
echo "DB_HOST=$DB_HOST" >> ./.env.staging
|
|
echo "REDIS_URL=$REDIS_URL" >> ./.env.staging
|
|
echo "S3_ATTACHMENTS_BUCKET=$S3_ATTACHMENTS_BUCKET" >> ./.env.staging
|
|
echo "DB_SSLCERT=$DB_SSLCERT" >> ./.env.staging
|
|
|
|
echo "✓ Environment variables successfully retrieved and written to .env.staging"
|
|
}
|
|
|
|
# Function to setup database
|
|
setup_database() {
|
|
echo "Running database migrations..."
|
|
./bin/rails db:migrate
|
|
|
|
if [ $? -eq 0 ]; then
|
|
echo "✓ Database migrations completed successfully"
|
|
else
|
|
echo "ERROR: Database migrations failed"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
set_environment() {
|
|
if [ -f "./.env.staging" ]; then
|
|
echo "Setting environment variables from .env.staging"
|
|
set -a
|
|
. ./.env.staging
|
|
set +a
|
|
fi
|
|
}
|
|
|
|
# Main execution
|
|
main() {
|
|
local command=${1:-api}
|
|
|
|
cd ../../app/
|
|
|
|
set_environment
|
|
|
|
check_aws_setup
|
|
|
|
echo "Starting CP Docuseal in staging mode..."
|
|
echo "Command: $command"
|
|
echo "Rails Environment: ${RAILS_ENV:-staging}"
|
|
|
|
# Fetch database credentials from Secrets Manager
|
|
fetch_db_credentials
|
|
|
|
# Fetch encryption key and write to config/master.key
|
|
fetch_encryption_key
|
|
|
|
# Fetch other environment variables from Secrets Manager
|
|
fetch_env_variables
|
|
|
|
# Load updated environment variables
|
|
set_environment
|
|
|
|
# Setup and migrate database (only for API command)
|
|
if [ "$command" = "api" ]; then
|
|
setup_database
|
|
echo "=== Startup Complete - Starting Rails Server ==="
|
|
echo "Database Host: ${DB_HOST:-not set}"
|
|
echo "Database Port: ${DB_PORT:-not set}"
|
|
# Start the Rails server
|
|
exec ./bin/rails server -b 0.0.0.0 -p "${PORT:-3000}"
|
|
elif [ "$command" = "sidekiq" ]; then
|
|
echo "=== Startup Complete - Starting Sidekiq ==="
|
|
# Start Sidekiq
|
|
exec bundle exec sidekiq -q default
|
|
else
|
|
echo "ERROR: Unknown command '$command'. Use 'api' or 'sidekiq'"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Execute main function with all arguments
|
|
main "$@"
|