284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
57 lines
2.1 KiB
Bash
Executable File
57 lines
2.1 KiB
Bash
Executable File
#!/bin/sh
|
|
set -e
|
|
|
|
# Enable better error reporting
|
|
trap 'echo "Error occurred at line $LINENO with exit code $?"' ERR
|
|
|
|
# Redirect stderr to stdout for Docker logging
|
|
exec 2>&1
|
|
|
|
# Read secrets into environment variables with shell safety
|
|
# Use IFS= and read -r to preserve whitespace and special characters
|
|
if [ ! -f /run/secrets/postgres_password ]; then
|
|
echo "Error: /run/secrets/postgres_password not found" >&2
|
|
exit 1
|
|
fi
|
|
|
|
POSTGRES_PASSWORD=$(cat /run/secrets/postgres_password)
|
|
export POSTGRES_PASSWORD
|
|
|
|
# Default superuser credential for PgBouncer admin connections
|
|
POSTGRES_SUPERUSER_NAME=${POSTGRES_USER:-postgres}
|
|
|
|
# Optional secret for application user (required for PgBouncer auth)
|
|
DB_USER_SERVER_NAME=${DB_USER_SERVER:-app_user}
|
|
DB_PASSWORD_SERVER_FILE=/run/secrets/db_password_server
|
|
if [ ! -f "$DB_PASSWORD_SERVER_FILE" ]; then
|
|
echo "Error: $DB_PASSWORD_SERVER_FILE not found" >&2
|
|
exit 1
|
|
fi
|
|
DB_PASSWORD_SERVER=$(cat "$DB_PASSWORD_SERVER_FILE")
|
|
DB_PASSWORD_MD5=$(printf "%s%s" "$DB_PASSWORD_SERVER" "$DB_USER_SERVER_NAME" | md5sum | awk '{print $1}')
|
|
POSTGRES_PASSWORD_MD5=$(printf "%s%s" "$POSTGRES_PASSWORD" "$POSTGRES_SUPERUSER_NAME" | md5sum | awk '{print $1}')
|
|
|
|
echo "Config files created successfully" >&2
|
|
|
|
# Substitute environment variables in pgbouncer.ini
|
|
# Set default for POSTGRES_HOST if not provided (envsubst doesn't support ${VAR:-default})
|
|
: "${POSTGRES_HOST:=postgres}"
|
|
export POSTGRES_HOST
|
|
envsubst '$POSTGRES_HOST' < /etc/pgbouncer/pgbouncer.ini.template > /etc/pgbouncer/pgbouncer.ini
|
|
|
|
# Generate userlist for PgBouncer authentication compatible with auth_type=md5.
|
|
{
|
|
printf '"%s" "md5%s"\n' "$DB_USER_SERVER_NAME" "$DB_PASSWORD_MD5"
|
|
printf '"%s" "md5%s"\n' "$POSTGRES_SUPERUSER_NAME" "$POSTGRES_PASSWORD_MD5"
|
|
} > /etc/pgbouncer/userlist.txt
|
|
chmod 600 /etc/pgbouncer/userlist.txt
|
|
|
|
# Clear sensitive environment variables for security
|
|
unset POSTGRES_PASSWORD
|
|
unset DB_PASSWORD_SERVER
|
|
|
|
# Start pgbouncer
|
|
# Run pgbouncer as postgres user in foreground mode for Docker
|
|
echo "Starting pgbouncer as postgres user..." >&2
|
|
su postgres -c "pgbouncer /etc/pgbouncer/pgbouncer.ini"
|