gitadmin/ArchiTools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(deploy): Faza A Infisical runtime migration

Browse Source 
Stripped 35-var environment block from docker-compose.yml to 5 bootstrap
vars (INFISICAL_CLIENT_ID/SECRET, NODE_ENV, PORT, HOSTNAME). All app
secrets now fetched from Infisical /architools at container boot via
docker-entrypoint.sh (modeled on gis-api's pattern, INFISICAL_APP_PATH
=/architools).

- docker-entrypoint.sh: universal-auth login, fetch /architools + /
  root, expand ${/VAR} refs, export, exec CMD. Fails loud on Infisical
  unreachable (exit 2/3).
- Dockerfile runner: added curl+jq, COPY entrypoint + chmod +x,
  ENTRYPOINT ["/app/docker-entrypoint.sh"]
- compose: build args (NEXT_PUBLIC_*) preserved — build-time inlining
  into JS bundle. martin/tile-cache/tippecanoe service env blocks
  untouched (legacy, removed in Faza E).

Rotation workflow now: Infisical UI -> ssh satra "cd /opt/architools && docker compose up -d --force-recreate architools". Never docker compose restart (does not refetch).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude VM
2026-05-18 00:41:22 +03:00
parent 6b3d56e1e8
commit 54b78c2dcf
3 changed files with 79 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+5 -1
View File
@@ -44,7 +44,8 @@ ENV NODE_ENV=production
ENV TZ=Europe/Bucharest
# Install system deps + create user in a single layer
RUN apk add --no-cache gdal gdal-tools ghostscript qpdf tzdata \
# curl + jq required by docker-entrypoint.sh for Infisical runtime bootstrap
RUN apk add --no-cache gdal gdal-tools ghostscript qpdf tzdata curl jq \
&& addgroup --system --gid 1001 nodejs \
&& adduser --system --uid 1001 nextjs
@@ -53,6 +54,8 @@ RUN apk add --no-cache gdal gdal-tools ghostscript qpdf tzdata \
COPY --from=builder /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY docker-entrypoint.sh /app/docker-entrypoint.sh
RUN chmod +x /app/docker-entrypoint.sh
USER nextjs
@@ -60,4 +63,5 @@ EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"
ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["node", "server.js"]