Update stuff
This commit is contained in:
Gabriel Brown
+69
-11
@@ -4,26 +4,32 @@ set -euo pipefail
|
||||
ROOT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
|
||||
usage() {
|
||||
printf 'usage: sync-convex-env <dev|staging>\n' >&2
|
||||
printf 'usage: sync-convex-env <dev|staging|production|prod>\n' >&2
|
||||
exit 2
|
||||
}
|
||||
|
||||
ENVIRONMENT="${1:-}"
|
||||
[[ "$ENVIRONMENT" == dev || "$ENVIRONMENT" == staging ]] || usage
|
||||
[[ "$ENVIRONMENT" == dev || "$ENVIRONMENT" == staging || "$ENVIRONMENT" == production || "$ENVIRONMENT" == prod ]] || usage
|
||||
INFISICAL_ENV="$ENVIRONMENT"
|
||||
case "$INFISICAL_ENV" in
|
||||
production) INFISICAL_ENV=prod ;;
|
||||
esac
|
||||
|
||||
if [[ "${2:-}" != "--from-current-env" ]]; then
|
||||
ENV_FILE="$(mktemp "${TMPDIR:-/tmp}/spoon-convex-env.XXXXXX.env")"
|
||||
trap 'rm -f "$ENV_FILE"' EXIT INT TERM HUP
|
||||
sh "$ROOT_DIR/scripts/export-env" "$ENVIRONMENT" > "$ENV_FILE"
|
||||
exec bunx dotenv -e "$ENV_FILE" -- "$0" "$ENVIRONMENT" --from-current-env
|
||||
exec bun dotenv -e "$ENV_FILE" -- "$0" "$ENVIRONMENT" --from-current-env
|
||||
fi
|
||||
|
||||
info() { printf '▶ %s\n' "$*"; }
|
||||
warn() { printf 'Warning: %s\n' "$*" >&2; }
|
||||
STATE_FILE="$ROOT_DIR/.local/$ENVIRONMENT.generated.env"
|
||||
STATE_FILE="$ROOT_DIR/.local/$INFISICAL_ENV.generated.env"
|
||||
MISSING_REQUIRED=0
|
||||
MISSING_REQUIRED_NAMES=()
|
||||
|
||||
convex_env_names() {
|
||||
(cd "$ROOT_DIR/packages/backend" && bunx convex env list) 2>/dev/null \
|
||||
(cd "$ROOT_DIR/packages/backend" && bun convex env list) 2>/dev/null \
|
||||
| sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p'
|
||||
}
|
||||
|
||||
@@ -44,11 +50,61 @@ set_convex_env() {
|
||||
|
||||
tmp="$(mktemp "${TMPDIR:-/tmp}/spoon-convex-value.XXXXXX")"
|
||||
printf '%s' "$value" > "$tmp"
|
||||
(cd "$ROOT_DIR/packages/backend" && bunx convex env set "$name" --from-file "$tmp" >/dev/null)
|
||||
(cd "$ROOT_DIR/packages/backend" && bun convex env set "$name" --from-file "$tmp" >/dev/null)
|
||||
rm -f "$tmp"
|
||||
printf ' synced %s\n' "$name"
|
||||
}
|
||||
|
||||
require_exported_env() {
|
||||
local name="$1"
|
||||
if [[ -z "${!name-}" ]]; then
|
||||
printf 'Error: required %s is missing from exported %s environment.\n' "$name" "$ENVIRONMENT" >&2
|
||||
MISSING_REQUIRED=1
|
||||
MISSING_REQUIRED_NAMES+=("$name")
|
||||
fi
|
||||
}
|
||||
|
||||
require_available_env() {
|
||||
local name="$1"
|
||||
if [[ -n "${!name-}" ]] || convex_env_has "$name"; then
|
||||
return 0
|
||||
fi
|
||||
printf 'Error: required %s is missing from exported %s environment and Convex env.\n' "$name" "$ENVIRONMENT" >&2
|
||||
MISSING_REQUIRED=1
|
||||
MISSING_REQUIRED_NAMES+=("$name")
|
||||
}
|
||||
|
||||
require_non_dev_env() {
|
||||
[[ "$ENVIRONMENT" != dev ]] || return 0
|
||||
for name in \
|
||||
JWT_PRIVATE_KEY \
|
||||
JWKS \
|
||||
AUTH_AUTHENTIK_ID \
|
||||
AUTH_AUTHENTIK_SECRET \
|
||||
AUTH_AUTHENTIK_ISSUER \
|
||||
AUTH_GITHUB_ID \
|
||||
AUTH_GITHUB_SECRET \
|
||||
SPOON_ENCRYPTION_KEY
|
||||
do
|
||||
require_available_env "$name"
|
||||
done
|
||||
if [[ -z "${SITE_URL:-}" && -z "${NEXT_PUBLIC_SITE_URL:-}" ]]; then
|
||||
if convex_env_has SITE_URL; then
|
||||
return 0
|
||||
fi
|
||||
printf 'Error: required SITE_URL or NEXT_PUBLIC_SITE_URL is missing from exported %s environment and SITE_URL is missing from Convex env.\n' "$ENVIRONMENT" >&2
|
||||
MISSING_REQUIRED=1
|
||||
MISSING_REQUIRED_NAMES+=("SITE_URL")
|
||||
fi
|
||||
}
|
||||
|
||||
finish_required_env_check() {
|
||||
[[ "$MISSING_REQUIRED" -eq 0 ]] && return 0
|
||||
printf '\nConvex env sync completed for available values, but required values are still missing: %s\n' "${MISSING_REQUIRED_NAMES[*]}" >&2
|
||||
printf '\nGenerate missing Convex Auth keys with:\n bun auth:keys\n\nStore missing values in Infisical/Gitea, then rerun sync.\n' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
set_literal_convex_env() {
|
||||
local name="$1"
|
||||
local value="$2"
|
||||
@@ -56,7 +112,7 @@ set_literal_convex_env() {
|
||||
|
||||
tmp="$(mktemp "${TMPDIR:-/tmp}/spoon-convex-value.XXXXXX")"
|
||||
printf '%s' "$value" > "$tmp"
|
||||
(cd "$ROOT_DIR/packages/backend" && bunx convex env set "$name" --from-file "$tmp" >/dev/null)
|
||||
(cd "$ROOT_DIR/packages/backend" && bun convex env set "$name" --from-file "$tmp" >/dev/null)
|
||||
rm -f "$tmp"
|
||||
printf ' synced %s\n' "$name"
|
||||
}
|
||||
@@ -95,8 +151,7 @@ sync_generated_dev_auth_keys() {
|
||||
set_literal_convex_env JWKS "$jwks"
|
||||
}
|
||||
|
||||
sync_generated_dev_encryption_key() {
|
||||
[[ "$ENVIRONMENT" == dev ]] || return 0
|
||||
sync_encryption_key() {
|
||||
if [[ -n "${SPOON_ENCRYPTION_KEY:-}" ]]; then
|
||||
set_convex_env SPOON_ENCRYPTION_KEY
|
||||
return 0
|
||||
@@ -105,7 +160,7 @@ sync_generated_dev_encryption_key() {
|
||||
return 0
|
||||
fi
|
||||
|
||||
info "Generating local Spoon encryption key"
|
||||
info "Generating $ENVIRONMENT Spoon encryption key"
|
||||
local encryption_key
|
||||
encryption_key="$(generate_secret)"
|
||||
[[ -n "$encryption_key" ]] || {
|
||||
@@ -161,8 +216,9 @@ CURRENT_CONVEX_ENV_NAMES="$(convex_env_names || true)"
|
||||
|
||||
info "Syncing $ENVIRONMENT environment variables into Convex"
|
||||
sync_generated_dev_auth_keys
|
||||
sync_generated_dev_encryption_key
|
||||
sync_encryption_key
|
||||
sync_generated_dev_worker_token
|
||||
require_non_dev_env
|
||||
|
||||
for name in \
|
||||
JWT_PRIVATE_KEY \
|
||||
@@ -193,4 +249,6 @@ done
|
||||
|
||||
sync_site_url
|
||||
|
||||
finish_required_env_check
|
||||
|
||||
info "Convex environment sync complete"
|
||||
|
||||
Reference in New Issue
Block a user