|
@@ -0,0 +1,51 @@
|
|
|
|
|
+#!/bin/sh
|
|
|
|
|
+set -eu
|
|
|
|
|
+
|
|
|
|
|
+ROOT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
|
|
|
|
|
+cd "$ROOT_DIR"
|
|
|
|
|
+
|
|
|
|
|
+EMPTY_ENV=$(mktemp "${TMPDIR:-/tmp}/okr-empty-env.XXXXXX")
|
|
|
|
|
+ENTRYPOINT_DATA=$(mktemp -d "${TMPDIR:-/tmp}/okr-entrypoint-data.XXXXXX")
|
|
|
|
|
+trap 'rm -f "$EMPTY_ENV"; rm -rf "$ENTRYPOINT_DATA"' EXIT INT TERM
|
|
|
|
|
+
|
|
|
|
|
+assert_compose_requires() {
|
|
|
|
|
+ missing_name=$1
|
|
|
|
|
+ shift
|
|
|
|
|
+ output_file="/tmp/okr-compose-missing-${missing_name}.out"
|
|
|
|
|
+
|
|
|
|
|
+ if env -u "$missing_name" "$@" docker compose --env-file "$EMPTY_ENV" config >"$output_file" 2>&1; then
|
|
|
|
|
+ echo "缺少 $missing_name 时,Compose 不应生成配置" >&2
|
|
|
|
|
+ exit 1
|
|
|
|
|
+ fi
|
|
|
|
|
+ if ! grep -q "$missing_name" "$output_file"; then
|
|
|
|
|
+ echo "Compose 缺失变量错误未指出 $missing_name" >&2
|
|
|
|
|
+ exit 1
|
|
|
|
|
+ fi
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+assert_compose_requires APP_JWT_SECRET \
|
|
|
|
|
+ APP_SUPER_ADMIN_PASSWORD=verification-password APP_CORS_ORIGINS=https://okr.example.com
|
|
|
|
|
+assert_compose_requires APP_SUPER_ADMIN_PASSWORD \
|
|
|
|
|
+ APP_JWT_SECRET=verification-secret-key-at-least-32-characters APP_CORS_ORIGINS=https://okr.example.com
|
|
|
|
|
+assert_compose_requires APP_CORS_ORIGINS \
|
|
|
|
|
+ APP_JWT_SECRET=verification-secret-key-at-least-32-characters APP_SUPER_ADMIN_PASSWORD=verification-password
|
|
|
|
|
+
|
|
|
|
|
+if SPRING_PROFILES_ACTIVE=prod APP_JWT_SECRET=short \
|
|
|
|
|
+ APP_DATA_DIR="$ENTRYPOINT_DATA" \
|
|
|
|
|
+ APP_BACKUP_DIR= docker/entrypoint.sh true >/tmp/okr-entrypoint-weak-secret.out 2>&1; then
|
|
|
|
|
+ echo "JWT 密钥不足 32 字符时,容器入口不应继续启动" >&2
|
|
|
|
|
+ exit 1
|
|
|
|
|
+fi
|
|
|
|
|
+
|
|
|
|
|
+if ! grep -q "至少 32" /tmp/okr-entrypoint-weak-secret.out; then
|
|
|
|
|
+ echo "容器入口未给出明确的 JWT 密钥长度提示" >&2
|
|
|
|
|
+ exit 1
|
|
|
|
|
+fi
|
|
|
|
|
+
|
|
|
|
|
+SPRING_PROFILES_ACTIVE=prod \
|
|
|
|
|
+ APP_JWT_SECRET=verification-secret-key-at-least-32-characters \
|
|
|
|
|
+ APP_DATA_DIR="$ENTRYPOINT_DATA" \
|
|
|
|
|
+ APP_BACKUP_DIR="$ENTRYPOINT_DATA/backups" \
|
|
|
|
|
+ docker/entrypoint.sh true >/tmp/okr-entrypoint-valid-secret.out 2>&1
|
|
|
|
|
+
|
|
|
|
|
+echo "Docker 生产环境变量校验通过"
|