From 4e1e5f21cf98bbc8501e3e58a0b859cd52379a2f Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 5 Jun 2025 09:27:46 -0400 Subject: [PATCH] fixing deploy step --- .woodpecker.yml | 2 +- scripts/ci-deploy-production.sh | 82 ++++++++++++++------------------- 2 files changed, 35 insertions(+), 49 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index a554790..6917c78 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -216,7 +216,7 @@ steps: - echo "=== ENVIRONMENT INFO ===" - uname -a || echo "uname not available" - echo "=== ATTEMPTING DEPLOYMENT ===" - - bash ./scripts/ci-deploy-production.sh + - sh ./scripts/ci-deploy-production.sh when: branch: main event: [push, cron] diff --git a/scripts/ci-deploy-production.sh b/scripts/ci-deploy-production.sh index 30c9d6a..dab8a5d 100755 --- a/scripts/ci-deploy-production.sh +++ b/scripts/ci-deploy-production.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh ################################################################################ # WOODPECKER CI PRODUCTION DEPLOYMENT SCRIPT 
@@ -26,23 +26,23 @@ set -euo pipefail # Configuration -readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -readonly LOCK_FILE="/tmp/authelia-deploy.lock" -readonly MAX_RETRIES=3 -readonly RETRY_DELAY=5 # Reduced from 10s to 5s -readonly DEPLOYMENT_TIMEOUT=180 # Reduced from 300s to 180s (3 minutes) -readonly HEALTH_CHECK_TIMEOUT=90 # Reduced from 120s to 90s -readonly MIN_DISK_SPACE_MB=500 # Reduced from 1000MB to 500MB -readonly FORCE_PULL=true # Always pull latest images +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +LOCK_FILE="/tmp/authelia-deploy.lock" +MAX_RETRIES=3 +RETRY_DELAY=5 # Reduced from 10s to 5s +DEPLOYMENT_TIMEOUT=180 # Reduced from 300s to 180s (3 minutes) +HEALTH_CHECK_TIMEOUT=90 # Reduced from 120s to 90s +MIN_DISK_SPACE_MB=500 # Reduced from 1000MB to 500MB +FORCE_PULL=true # Always pull latest images # Color codes for output -readonly RED='\033[0;31m' -readonly GREEN='\033[0;32m' -readonly YELLOW='\033[1;33m' -readonly BLUE='\033[0;34m' -readonly PURPLE='\033[0;35m' -readonly CYAN='\033[0;36m' -readonly NC='\033[0m' # No Color +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +PURPLE='\033[0;35m' +CYAN='\033[0;36m' +NC='\033[0m' # No Color # Global variables for cleanup DEPLOYMENT_STARTED=false @@ -123,7 +123,7 @@ pre_flight_checks() { log "Running pre-flight checks..." # Check if another deployment is running - if [[ -f "$LOCK_FILE" ]]; then + if [ -f "$LOCK_FILE" ]; then error "Another deployment is already running (lock file exists: $LOCK_FILE)" error "If you're sure no other deployment is running, remove the lock file manually" exit 1 @@ -134,7 +134,7 @@ pre_flight_checks() { debug "Created deployment lock file" # Verify we're running in CI environment - if [[ -z "${CI_REPO_NAME:-}" ]]; then + if [ -z "${CI_REPO_NAME:-}" ]; then error "This script must only be run in Woodpecker CI environment!" error "Missing CI_REPO_NAME environment variable" exit 1 
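Review bot: The `set -euo pipefail` line at the head of this hunk is left unchanged, but `pipefail` is not guaranteed under `#!/bin/sh`; on a shell that lacks it (older dash builds, for example) `set` itself fails and the deploy aborts before any check runs. Either keep bash as the interpreter or switch to `set -eu` and check the pipelines that matter explicitly. Dropping `readonly` was not needed for the port, since `readonly NAME=value` is POSIX; keeping it on `LOCK_FILE` and the timeout values stops a later assignment from silently changing the lock path or the limits.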
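Review bot: The lock test `[ -f "$LOCK_FILE" ]` and the creation that follows it are two separate steps on a fixed path in `/tmp`, so two pipelines can both pass the test, and any local account on the runner can create that file and block deployments. The creation line itself sits between this hunk and the next and is not visible, so this is inferred from the `debug "Created deployment lock file"` context. An atomic form that works in POSIX sh is `if ! ( set -C; : > "$LOCK_FILE" ) 2>/dev/null; then error "Another deployment is already running"; exit 1; fi`, ideally with the lock kept in a directory only the CI user can write. pre_flight_checks starts and ends outside this hunk.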
@@ -149,29 +149,24 @@ pre_flight_checks() { # Check available disk space local available_space available_space=$(df /var/lib/docker --output=avail --block-size=1M | tail -n1 | tr -d ' ') - if [[ $available_space -lt $MIN_DISK_SPACE_MB ]]; then + if [ $available_space -lt $MIN_DISK_SPACE_MB ]; then error "Insufficient disk space: ${available_space}MB available, ${MIN_DISK_SPACE_MB}MB required" exit 1 fi # Verify required environment variables - local required_vars=( - "REGISTRY_USER" "REGISTRY_PASSWORD" "CI_REPO_NAME" - "AUTHENTICATION_BACKEND_LDAP_PASSWORD" "IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" - "STORAGE_ENCRYPTION_KEY" "SESSION_SECRET" "NOTIFIER_SMTP_PASSWORD" - "IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" "IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY" - "IDENTITY_PROVIDERS_OIDC_JWKS_KEY" "CLIENT_SECRET_HEADSCALE" "CLIENT_SECRET_HEADADMIN" - ) + REQUIRED_VARS="REGISTRY_USER REGISTRY_PASSWORD CI_REPO_NAME AUTHENTICATION_BACKEND_LDAP_PASSWORD IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET STORAGE_ENCRYPTION_KEY SESSION_SECRET NOTIFIER_SMTP_PASSWORD IDENTITY_PROVIDERS_OIDC_HMAC_SECRET IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY IDENTITY_PROVIDERS_OIDC_JWKS_KEY CLIENT_SECRET_HEADSCALE CLIENT_SECRET_HEADADMIN" - for var in "${required_vars[@]}"; do - if [[ -z "${!var:-}" ]]; then + for var in $REQUIRED_VARS; do + eval "var_value=\$$var" + if [ -z "$var_value" ]; then error "Required environment variable $var is not set" exit 1 fi done # Check if stack file exists - if [[ ! -f "./stack.production.yml" ]]; then + if [ ! -f "./stack.production.yml" ]; then error "Production stack file not found: ./stack.production.yml" exit 1 fi 
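Review bot: The rewritten disk test `[ $available_space -lt $MIN_DISK_SPACE_MB ]` fails open: if `df` yields an empty or non-numeric value, `[` reports an error, the `if` treats that as false, and the deploy continues as though space were sufficient, whereas bash's `[[ ]]` evaluated an empty operand as 0 and stopped. Quote both operands and reject anything that is not a number before comparing, at minimum `[ "${available_space:-0}" -lt "$MIN_DISK_SPACE_MB" ]`. In the loop below, `eval "var_value=\$$var"` runs under `set -u`, so an unset name aborts inside `eval` with the shell's own message and the `error "Required environment variable ..."` branch is never reached; `eval "var_value=\${$var:-}"` keeps the semantics of the old `${!var:-}`, and the same applies to the `eval` in manage_secrets. `var_value` is also assigned without `local`, so the last secret checked stays in a global after the function returns. The function starts outside this hunk.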
@@ -335,22 +330,12 @@ wait_for_stack_removal() { manage_secrets() { log "Managing Docker secrets" - declare -a SECRETS=( - "AUTHENTICATION_BACKEND_LDAP_PASSWORD" - "IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" - "STORAGE_ENCRYPTION_KEY" - "SESSION_SECRET" - "NOTIFIER_SMTP_PASSWORD" - "IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" - "IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY" - "IDENTITY_PROVIDERS_OIDC_JWKS_KEY" - "CLIENT_SECRET_HEADSCALE" - "CLIENT_SECRET_HEADADMIN" - ) + # List of secrets (space-separated instead of array) + SECRETS="AUTHENTICATION_BACKEND_LDAP_PASSWORD IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET STORAGE_ENCRYPTION_KEY SESSION_SECRET NOTIFIER_SMTP_PASSWORD IDENTITY_PROVIDERS_OIDC_HMAC_SECRET IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY IDENTITY_PROVIDERS_OIDC_JWKS_KEY CLIENT_SECRET_HEADSCALE CLIENT_SECRET_HEADADMIN" # Remove old secrets log "Removing old Docker secrets" - for secret in "${SECRETS[@]}"; do + for secret in $SECRETS; do if docker secret ls --format "{{.Name}}" | grep -q "^${secret}$"; then docker secret rm "$secret" || true debug "Removed secret: $secret" 
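Review bot: `SECRETS` repeats ten of the names already listed in `REQUIRED_VARS` in pre_flight_checks, so a secret added to one list and not the other is either created without a pre-flight check or checked and never created. Defining the list once near the top of the script and deriving the other from it removes that drift. The assignment also lost the function scope that `declare -a` gave it inside manage_secrets; `local SECRETS="..."` would keep it contained, and the script already relies on `local` in pre_flight_checks. manage_secrets continues past the end of this hunk.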
@@ -361,24 +346,25 @@ manage_secrets() { # Create new secrets with validation log "Creating new Docker secrets with updated values" - for secret in "${SECRETS[@]}"; do - env_var="${secret}" - if [[ -n "${!env_var:-}" ]]; then - if echo "${!env_var}" | docker secret create "$secret" -; then + for secret in $SECRETS; do + # Use eval for indirect variable access in POSIX shell + eval "secret_value=\$$secret" + if [ -n "$secret_value" ]; then + if echo "$secret_value" | docker secret create "$secret" -; then success "Created secret: $secret" else error "Failed to create secret: $secret" return 1 fi else - error "Environment variable $env_var is not set!" + error "Environment variable $secret is not set!" return 1 fi done # Verify all secrets were created log "Verifying secret creation" - for secret in "${SECRETS[@]}"; do + for secret in $SECRETS; do if ! docker secret ls --format "{{.Name}}" | grep -q "^${secret}$"; then error "Secret verification failed: $secret was not created" return 1
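Review bot: `echo "$secret_value" | docker secret create "$secret" -` changes meaning with the interpreter: several `/bin/sh` implementations (dash among them) expand backslash sequences in `echo` arguments, so a password or key that contains `\n`, `\t` or `\\` would be stored altered and the service would then fail to authenticate with it. `printf '%s\n' "$secret_value" | docker secret create "$secret" -` writes the same bytes that bash's `echo` did, trailing newline included. `secret_value` is a global here, so add `unset secret_value` after the loop to avoid leaving the last secret in the shell's variables for the rest of the run.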