-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathsecrets_entrypoint_web.sh
More file actions
executable file
·31 lines (25 loc) · 1.38 KB
/
secrets_entrypoint_web.sh
File metadata and controls
executable file
·31 lines (25 loc) · 1.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/bin/bash
set -e
# This script is taken from https://aws.amazon.com/blogs/security/how-to-manage-secrets-for-amazon-ec2-container-service-based-applications-by-using-amazon-s3-and-docker/
# and is used to set up app secrets in ECS without exposing them as widely as using ECS env vars directly would.
# Check that the environment variable has been set correctly
if [ -z "$SECRETS_BUCKET_NAME" ]; then
echo >&2 'error: missing SECRETS_BUCKET_NAME environment variable'
exit 1
fi
# Load the S3 secrets file contents into the environment variables
export $(aws s3 cp s3://${SECRETS_BUCKET_NAME}/secrets - | grep -v '^#' | xargs)
# Decode base64-encoded secrets that may contain special characters
if [ -n "$JWT_ID_SECRETS" ]; then
export JWT_ID_SECRETS=$(echo "$JWT_ID_SECRETS" | base64 -d)
fi
# This is a bit hack-y because on a deploy that includes a new migration, several containers may be in
# a race to try to run it. However because migrations are versioned and run transactionally, and we
# call Doctrine with `--allow-no-migration`, it *should* be safe and subsequent instances' attempts to
# migrate will just be no-ops and leave the main process to start normally.
echo "Running migrations before start if necessary..."
composer doctrine:cache:clear:live
composer doctrine:migrate:live || exit 3
echo "Starting Apache..."
# Call the normal web server entry-point script
apache2-foreground "$@"