| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- #!/bin/sh
- set -eu
- ROOT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)
- cd "$ROOT_DIR"
- EMPTY_ENV=$(mktemp "${TMPDIR:-/tmp}/okr-empty-env.XXXXXX")
- ENTRYPOINT_DATA=$(mktemp -d "${TMPDIR:-/tmp}/okr-entrypoint-data.XXXXXX")
- trap 'rm -f "$EMPTY_ENV"; rm -rf "$ENTRYPOINT_DATA"' EXIT INT TERM
- assert_compose_requires() {
- missing_name=$1
- shift
- output_file="/tmp/okr-compose-missing-${missing_name}.out"
- if env -u "$missing_name" "$@" docker compose --env-file "$EMPTY_ENV" config >"$output_file" 2>&1; then
- echo "缺少 $missing_name 时,Compose 不应生成配置" >&2
- exit 1
- fi
- if ! grep -q "$missing_name" "$output_file"; then
- echo "Compose 缺失变量错误未指出 $missing_name" >&2
- exit 1
- fi
- }
- assert_compose_requires APP_JWT_SECRET \
- APP_SUPER_ADMIN_PASSWORD=verification-password APP_CORS_ORIGINS=https://okr.example.com
- assert_compose_requires APP_SUPER_ADMIN_PASSWORD \
- APP_JWT_SECRET=verification-secret-key-at-least-32-characters APP_CORS_ORIGINS=https://okr.example.com
- assert_compose_requires APP_CORS_ORIGINS \
- APP_JWT_SECRET=verification-secret-key-at-least-32-characters APP_SUPER_ADMIN_PASSWORD=verification-password
- if SPRING_PROFILES_ACTIVE=prod APP_JWT_SECRET=short \
- APP_DATA_DIR="$ENTRYPOINT_DATA" \
- APP_BACKUP_DIR= docker/entrypoint.sh true >/tmp/okr-entrypoint-weak-secret.out 2>&1; then
- echo "JWT 密钥不足 32 字符时,容器入口不应继续启动" >&2
- exit 1
- fi
- if ! grep -q "至少 32" /tmp/okr-entrypoint-weak-secret.out; then
- echo "容器入口未给出明确的 JWT 密钥长度提示" >&2
- exit 1
- fi
- SPRING_PROFILES_ACTIVE=prod \
- APP_JWT_SECRET=verification-secret-key-at-least-32-characters \
- APP_DATA_DIR="$ENTRYPOINT_DATA" \
- APP_BACKUP_DIR="$ENTRYPOINT_DATA/backups" \
- docker/entrypoint.sh true >/tmp/okr-entrypoint-valid-secret.out 2>&1
- echo "Docker 生产环境变量校验通过"
|