diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index d86d8d9..c4ab3fb 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -21,6 +21,7 @@ jobs:
 - "sqlite"
 - "mariadb"
 - "postgresql"
+ - "postgresql-secret"
 steps:
 - name: "Checkout"
diff --git a/README.md b/README.md
index af05b00..22e41e7 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,8 @@ Default login is `wallabag:wallabag`.
 - `-e SYMFONY__ENV__SERVER_NAME=...` (defaults to "Your wallabag instance". Specifies a user-friendly name for the 2FA issuer)
 - `-e PHP_MEMORY_LIMIT=...` (allows you to change the PHP `memory_limit` value. defaults to 128M, and should be a number and unit, eg. 512K, 128M, 2G, or a number of bytes)
+To set any of these environment variables from a file (for instance a Docker Secret), append `__FILE` to the name of the environment variable.
+
 ## SQLite
 The easiest way to start wallabag is to use the SQLite backend. You can spin that up with
diff --git a/root/entrypoint.sh b/root/entrypoint.sh
index 0d3932f..29103e4 100755
--- a/root/entrypoint.sh
+++ b/root/entrypoint.sh
@@ -2,6 +2,16 @@
 # Exit when any command fails
 set -e
+FILE_ENV_VARS="$(env | grep '__FILE=')"
+for env_var in $FILE_ENV_VARS; do
+ var_name="$(echo $env_var | grep -o '.*__FILE=' | sed 's/__FILE=//g')"
+ file_path="$(echo $env_var | grep -o '__FILE=.*' | sed 's/__FILE=//g')"
+ file_content="$(cat $file_path)"
+ [[ ! $? -eq 0 ]] && exit 1 # Exit if last command failed
+ new_var="$(echo $var_name=$file_content)"
+ export $(echo $new_var | xargs)
+done
+
 COMMAND_ARG1="$1"
 COMMAND_ARG2="$2"
diff --git a/tests/credentials/db_password b/tests/credentials/db_password
new file mode 100644
index 0000000..bfe4329
--- /dev/null
+++ b/tests/credentials/db_password
@@ -0,0 +1 @@
+wallapass
diff --git a/tests/credentials/env_secret b/tests/credentials/env_secret
new file mode 100644
index 0000000..7440e0b
--- /dev/null
+++ b/tests/credentials/env_secret
@@ -0,0 +1 @@
+F00B4R
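Review bot: In the root/entrypoint.sh hunk the secret's value is re-parsed before it is exported: `export $(echo $new_var | xargs)` word-splits and glob-expands the file content and lets xargs interpret quotes and backslashes, so a password containing a space, `*`, `'`, `"` or `\` is truncated, altered or aborts the entrypoint, and the value also passes through the argv of the `echo` that xargs spawns. The fixtures added under tests/credentials contain none of these characters, so the new `postgresql-secret` CI job would not exercise this. Separately, `grep '__FILE='` also selects variables whose value merely contains that text, and `cat $file_path` is unquoted, so a path with whitespace is split. With `set -e` active a failing `cat` already ends the script, which makes `[[ ! $? -eq 0 ]] && exit 1` unreachable on failure, and `[[` is not POSIX if the script runs under `/bin/sh` (the shebang is outside the hunk). A loop that iterates over validated variable names and assigns with a single quoted `export` avoids these problems; a sketch follows.

```shell
# Iterate over variable NAMES only; anchoring on ^NAME__FILE= keeps values
# that merely contain "__FILE=" out of the loop.
for file_var in $(env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)__FILE=.*/\1__FILE/p'); do
    var_name="${file_var%__FILE}"
    file_path="$(printenv "$file_var")"
    # set -e aborts here if the secret file cannot be read
    file_content="$(cat -- "$file_path")"
    # Quoted assignment: no word splitting, globbing or xargs quote handling
    export "$var_name=$file_content"
done
```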
diff --git a/tests/credentials/postgres_password b/tests/credentials/postgres_password
new file mode 100644
index 0000000..aa3c1b0
--- /dev/null
+++ b/tests/credentials/postgres_password
@@ -0,0 +1 @@
+my-secret-pw
diff --git a/tests/docker-compose.postgresql-secret.yml b/tests/docker-compose.postgresql-secret.yml
new file mode 100644
index 0000000..3d7daf0
--- /dev/null
+++ b/tests/docker-compose.postgresql-secret.yml
@@ -0,0 +1,31 @@
+version: '2'
+services:
+ wallabag:
+ build:
+ context: ../
+ image: wallabag:postgresql
+ container_name: wallabag
+ environment:
+ - POSTGRES_PASSWORD__FILE=/run/secrets/postgres_password
+ - POSTGRES_USER=my-super-user
+ - SYMFONY__ENV__SECRET__FILE=/run/secrets/env_secret
+ - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
+ - SYMFONY__ENV__DATABASE_HOST=db
+ - SYMFONY__ENV__DATABASE_PORT=5432
+ - SYMFONY__ENV__DATABASE_NAME=wallabag
+ - SYMFONY__ENV__DATABASE_USER=wallabag
+ - SYMFONY__ENV__DATABASE_PASSWORD__FILE=/run/secrets/db_password
+ ports:
+ - "127.0.0.1:80:80"
+ # Docker Secrets require Swarm Mode, so we use volumes instead to spoof the behaviour
+ volumes:
+ - ./credentials/db_password:/run/secrets/db_password
+ - ./credentials/postgres_password:/run/secrets/postgres_password
+ - ./credentials/env_secret:/run/secrets/env_secret
+ db:
+ image: postgres:10.3
+ environment:
+ - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+ - POSTGRES_USER=my-super-user
+ volumes:
+ - ./credentials/postgres_password:/run/secrets/postgres_password
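Review bot: The bind mounts that stand in for secrets in tests/docker-compose.postgresql-secret.yml are read-write, whereas real Docker secrets are presented to the container read-only, so the spoof is looser than what it imitates; appending `:ro`, e.g. `- ./credentials/db_password:/run/secrets/db_password:ro`, on each of the four mounts would keep the test faithful. The `wallabag` service uses `POSTGRES_PASSWORD__FILE` (double underscore, handled by this repository's entrypoint) while `db` uses `POSTGRES_PASSWORD_FILE` (the postgres image's own convention); a short comment such as `# single underscore: postgres image convention, not wallabag's __FILE` would stop the difference being read as a typo.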