feat: kompose secrets
This commit is contained in:
176
Projects/kompose/migrate-stack-env.sh
Executable file
176
Projects/kompose/migrate-stack-env.sh
Executable file
@@ -0,0 +1,176 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# ===================================================================
|
||||
# Kompose Stack .env Migration Script
|
||||
# ===================================================================
|
||||
# This script updates all stack .env files to:
|
||||
# 1. Add TRAEFIK_ENABLED=true (if not present)
|
||||
# 2. Update TRAEFIK_HOST to use root .env variable
|
||||
# 3. Remove sensitive secrets (move to secrets.env)
|
||||
# 4. Add standardized comments
|
||||
# ===================================================================
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
BLUE='\033[0;34m'
|
||||
RESET='\033[0m'
|
||||
|
||||
log_info() {
|
||||
echo -e "${BLUE}[INFO]${RESET} $*"
|
||||
}
|
||||
|
||||
log_success() {
|
||||
echo -e "${GREEN}[SUCCESS]${RESET} $*"
|
||||
}
|
||||
|
||||
log_warning() {
|
||||
echo -e "${YELLOW}[WARNING]${RESET} $*"
|
||||
}
|
||||
|
||||
update_stack_env() {
|
||||
local stack="$1"
|
||||
local env_file="${SCRIPT_DIR}/${stack}/.env"
|
||||
|
||||
if [[ ! -f "${env_file}" ]]; then
|
||||
log_warning "No .env file in ${stack}, skipping"
|
||||
return
|
||||
fi
|
||||
|
||||
log_info "Updating ${stack}/.env..."
|
||||
|
||||
local temp_file="${env_file}.new"
|
||||
|
||||
# Read stack name
|
||||
local project_name=$(grep "^COMPOSE_PROJECT_NAME=" "${env_file}" | cut -d= -f2)
|
||||
local has_traefik_enabled=false
|
||||
local has_traefik_host=false
|
||||
|
||||
# Check if file already has TRAEFIK_ENABLED
|
||||
if grep -q "^TRAEFIK_ENABLED=" "${env_file}"; then
|
||||
has_traefik_enabled=true
|
||||
fi
|
||||
|
||||
# Check if file has TRAEFIK_HOST
|
||||
if grep -q "^TRAEFIK_HOST=" "${env_file}"; then
|
||||
has_traefik_host=true
|
||||
fi
|
||||
|
||||
# Start building new file
|
||||
{
|
||||
echo "# ================================================================="
|
||||
echo "# ${stack^^} Stack Configuration"
|
||||
echo "# ================================================================="
|
||||
echo ""
|
||||
echo "# Stack identification"
|
||||
|
||||
# Copy COMPOSE_PROJECT_NAME
|
||||
grep "^COMPOSE_PROJECT_NAME=" "${env_file}" || echo "COMPOSE_PROJECT_NAME=${stack}"
|
||||
|
||||
echo ""
|
||||
echo "# Docker image"
|
||||
grep "^DOCKER_IMAGE=" "${env_file}" 2>/dev/null || true
|
||||
|
||||
# Add database if present
|
||||
if grep -q "^DB_NAME=" "${env_file}"; then
|
||||
echo ""
|
||||
echo "# Database name"
|
||||
grep "^DB_NAME=" "${env_file}"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "# Traefik configuration"
|
||||
|
||||
# Add TRAEFIK_ENABLED if not present
|
||||
if ${has_traefik_enabled}; then
|
||||
grep "^TRAEFIK_ENABLED=" "${env_file}"
|
||||
else
|
||||
echo "TRAEFIK_ENABLED=true"
|
||||
fi
|
||||
|
||||
# Update TRAEFIK_HOST to reference root variable
|
||||
if ${has_traefik_host}; then
|
||||
local uppercase_stack=$(echo "${stack}" | tr '[:lower:]' '[:upper:]')
|
||||
echo "TRAEFIK_HOST=\${TRAEFIK_HOST_${uppercase_stack}}"
|
||||
fi
|
||||
|
||||
# Copy APP_PORT if present
|
||||
if grep -q "^APP_PORT=" "${env_file}"; then
|
||||
echo ""
|
||||
echo "# Application port"
|
||||
grep "^APP_PORT=" "${env_file}"
|
||||
fi
|
||||
|
||||
# Copy other non-sensitive variables
|
||||
echo ""
|
||||
echo "# Additional configuration"
|
||||
grep -v "^COMPOSE_PROJECT_NAME=" "${env_file}" | \
|
||||
grep -v "^DOCKER_IMAGE=" | \
|
||||
grep -v "^DB_NAME=" | \
|
||||
grep -v "^TRAEFIK_ENABLED=" | \
|
||||
grep -v "^TRAEFIK_HOST=" | \
|
||||
grep -v "^APP_PORT=" | \
|
||||
grep -v "^#" | \
|
||||
grep -v "^$" | \
|
||||
grep -v "_SECRET=" | \
|
||||
grep -v "_PASSWORD=" | \
|
||||
grep -v "_TOKEN=" | \
|
||||
grep -v "_KEY=" || true
|
||||
|
||||
# Add note about secrets
|
||||
echo ""
|
||||
echo "# NOTE: Secrets are stored in root secrets.env file"
|
||||
echo "# Available secrets for this stack:"
|
||||
local uppercase_stack=$(echo "${stack}" | tr '[:lower:]' '[:upper:]')
|
||||
|
||||
# List stack-specific secrets from template
|
||||
if [[ -f "${SCRIPT_DIR}/secrets.env.template" ]]; then
|
||||
grep "^${uppercase_stack}_" "${SCRIPT_DIR}/secrets.env.template" | \
|
||||
sed 's/^/# - /' || true
|
||||
fi
|
||||
|
||||
} > "${temp_file}"
|
||||
|
||||
# Show diff
|
||||
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
||||
echo "Changes for ${stack}/.env:"
|
||||
diff -u "${env_file}" "${temp_file}" || true
|
||||
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
||||
echo ""
|
||||
|
||||
# Ask for confirmation
|
||||
read -p "Apply these changes? (y/N): " -n 1 -r
|
||||
echo
|
||||
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||
mv "${env_file}" "${env_file}.bak"
|
||||
mv "${temp_file}" "${env_file}"
|
||||
log_success "Updated ${stack}/.env (backup: ${stack}/.env.bak)"
|
||||
else
|
||||
rm "${temp_file}"
|
||||
log_info "Skipped ${stack}/.env"
|
||||
fi
|
||||
}
|
||||
|
||||
# Main migration
|
||||
main() {
|
||||
log_info "Starting stack .env migration..."
|
||||
echo ""
|
||||
|
||||
# Get all stacks
|
||||
local stacks=(auth auto blog chain chat code dash data dock docs home link news proxy sexy trace track vault vpn)
|
||||
|
||||
for stack in "${stacks[@]}"; do
|
||||
if [[ -d "${SCRIPT_DIR}/${stack}" ]]; then
|
||||
update_stack_env "${stack}"
|
||||
echo ""
|
||||
fi
|
||||
done
|
||||
|
||||
log_success "Migration complete!"
|
||||
log_info "Review the changes and test with: ./kompose.sh --list"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
Reference in New Issue
Block a user