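#!/bin/sh
# Static workflow: clean (stack rm + prune) → rebuild (on deploy context) → redeploy. No push; uses local images.
# Set DOCKER_DEPLOY_CONTEXT for stack target (default: orbstack).
# Set STACK_NAME to override the stack name (default: authelia).
# Requires: swarm mode, secrets/networks on deploy node.
#
# The clean step removes the stack, its named volumes and its swarm secrets,
# and prunes unused images on the deploy context.

set -eu
# `pipefail` is not available in every /bin/sh (older dash releases reject the
# option, which would abort the script right here), so enable it only where
# the running shell supports it.
if (set -o pipefail) 2>/dev/null; then
  set -o pipefail
fi

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
STACK_NAME="${STACK_NAME:-authelia}"
DEPLOY_CTX="${DOCKER_DEPLOY_CONTEXT:-orbstack}"
# Fixed pause after `docker stack rm`. Nothing below verifies that the stack's
# tasks have actually stopped once the pause is over.
STACK_RM_WAIT=15

cd "$REPO_ROOT"

# Refuse to build from uncommitted changes so BUILD_COMMIT identifies exactly
# what gets deployed. The status is assigned first so that a failing
# `git status` aborts under `set -e` instead of being read as a clean tree.
TREE_STATUS="$(git status --porcelain)"
if [ -n "$TREE_STATUS" ]; then
  echo "ERROR: Working tree is dirty. Commit your changes before deploying." >&2
  exit 1
fi

# Build metadata passed to the image build as --build-arg values.
BUILD_COMMIT="$(git rev-parse --short HEAD)"
BUILD_TIME="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
echo "=== Building commit $BUILD_COMMIT ==="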
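# Tear down the previous deployment on the deploy context: remove the stack,
# prune images, then delete the stack's named volumes and swarm secrets.
# Globals:   DEPLOY_CTX, STACK_NAME, STACK_RM_WAIT (read)
# Outputs:   warnings on stderr for volumes/secrets that exist but cannot be removed
# Returns:   0; removal of individual resources is best-effort
clean_on_deploy_context() {
  # Switches the CLI's current context; the selection persists after the script ends.
  docker context use "$DEPLOY_CTX"
  # Best-effort: on a first run there is no stack to remove.
  docker stack rm "$STACK_NAME" 2>/dev/null || true
  sleep "$STACK_RM_WAIT"
  # Prunes every unused image on this context, not only this stack's images.
  docker image prune -a -f 2>/dev/null || true

  # NOTE(review): these names hard-code the `authelia_` stack prefix. If
  # STACK_NAME is overridden and the stack file does not pin volume names,
  # they will presumably not match - confirm against stack.production.yml.
  for vol in authelia_authelia_config authelia_authelia_assets authelia_authelia_redis_data authelia_authelia_mariadb_data authelia_lldap_data; do
    # A missing volume is the normal first-run case and stays silent. A volume
    # that exists but cannot be removed carries old state into the redeploy,
    # so that case is reported instead of being swallowed.
    if docker volume inspect "$vol" >/dev/null 2>&1; then
      docker volume rm "$vol" 2>/dev/null ||
        echo "WARN: could not remove volume $vol; its existing data will persist into the redeploy." >&2
    fi
  done

  for name in AUTHENTICATION_BACKEND_LDAP_PASSWORD IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET NOTIFIER_SMTP_PASSWORD SESSION_SECRET STORAGE_ENCRYPTION_KEY; do
    # Same policy for secrets: a secret that survives here is reused as-is by
    # the next deploy rather than being regenerated.
    if docker secret inspect "$name" >/dev/null 2>&1; then
      docker secret rm "$name" 2>/dev/null ||
        echo "WARN: could not remove secret $name; the existing value will be reused." >&2
    fi
  done
}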
# Rebuild the production images from scratch on the deploy context, stamping
# them with the commit and build time computed at the top of the script.
# Globals: DEPLOY_CTX, BUILD_COMMIT, BUILD_TIME (read)
build_on_deploy_context() {
  docker context use "$DEPLOY_CTX"

  # Collect the build metadata flags first; the function takes no arguments
  # of its own, so the positional parameters are free to hold them.
  set -- \
    --build-arg BUILD_COMMIT="$BUILD_COMMIT" \
    --build-arg BUILD_TIME="$BUILD_TIME"

  # --no-cache forces every layer to be rebuilt rather than reused.
  docker compose -f docker-compose.production.yml build --no-cache "$@"
}
# Make sure the external overlay networks the stack attaches to exist,
# creating any that are missing.
ensure_external_networks() {
  for net in traefik ad; do
    # The inspect output is non-empty only when the network is already there.
    if ! docker network inspect "$net" --format '{{.Name}}' 2>/dev/null | grep -q .; then
      # --attachable also lets standalone containers, not only swarm services,
      # join this overlay network.
      docker network create "$net" --driver overlay --attachable
    fi
  done
}
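# Return success when swarm secret $1 already exists on the current context.
_secret_exists() {
  docker secret inspect "$1" >/dev/null 2>&1
}

# Create the swarm secrets the stack expects, skipping any that already exist.
# Globals:   LDAP_PW (read, required) - LDAP backend password, taken from the
#            caller's environment
# Returns:   0 when every secret exists afterwards, 1 if a creation fails
ensure_secrets() {
  # The password is read from the environment instead of being written in this
  # file. A literal value was previously committed on this line; anything that
  # has lived in version control should be treated as exposed and rotated.
  # This check only fires at deploy time, after the clean and build steps, so
  # export LDAP_PW before starting the script.
  : "${LDAP_PW:?export LDAP_PW (LDAP backend password) before deploying}"

  # Existence is checked up front so that a genuine creation failure (for
  # example, the node not being a swarm manager) surfaces here instead of
  # being hidden behind `|| true` and resurfacing later as a missing secret.
  if ! _secret_exists AUTHENTICATION_BACKEND_LDAP_PASSWORD; then
    # printf rather than echo: the value is arbitrary data from the environment.
    printf '%s\n' "$LDAP_PW" |
      docker secret create AUTHENTICATION_BACKEND_LDAP_PASSWORD - || return 1
  fi

  if ! _secret_exists NOTIFIER_SMTP_PASSWORD; then
    # Placeholder value, not a real SMTP credential.
    printf '%s\n' "not-configured" |
      docker secret create NOTIFIER_SMTP_PASSWORD - || return 1
  fi

  # These three are generated fresh (32 random bytes, base64) whenever absent.
  for name in IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET SESSION_SECRET STORAGE_ENCRYPTION_KEY; do
    if ! _secret_exists "$name"; then
      openssl rand -base64 32 | docker secret create "$name" - || return 1
    fi
  done
}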
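# Deploy the stack on the deploy context, initialising swarm mode and creating
# the external networks and secrets first when they are missing.
# Globals: DEPLOY_CTX, STACK_NAME (read)
deploy_on_deploy_context() {
  docker context use "$DEPLOY_CTX"

  # Compare the state exactly. A substring match on "active" also matches
  # "inactive", which would skip `docker swarm init` on a node that is not
  # in swarm mode at all.
  if [ "$(docker info --format '{{.Swarm.LocalNodeState}}')" != "active" ]; then
    docker swarm init
  fi

  ensure_external_networks
  ensure_secrets

  # NOTE(review): --with-registry-auth forwards the caller's registry
  # credentials to the swarm agents. The header of this script says images are
  # built locally and never pushed, so the flag looks unnecessary - confirm
  # before dropping it.
  docker stack deploy --with-registry-auth -c ./stack.production.yml "$STACK_NAME"
  docker stack ps "$STACK_NAME"
}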
# Run the three phases in order. With `set -e` in effect, a failing phase
# stops the script before the next one starts.

# Phase 1: destructive teardown of the previous deployment.
printf '%s\n' "=== Clean (stack rm + prune) on context: $DEPLOY_CTX ==="
clean_on_deploy_context

# Phase 2: rebuild the images directly on the deploy context.
printf '%s\n' "=== Rebuild (on $DEPLOY_CTX, local images) ==="
build_on_deploy_context

# Phase 3: recreate networks and secrets as needed and deploy the stack.
printf '%s\n' "=== Redeploy on context: $DEPLOY_CTX ==="
deploy_on_deploy_context

printf '%s\n' "=== Done ==="