feat(db): set custom entrypoint script that enforces $PG_ENCRYPT_KEY

cryostatio · Oct 25, 2023 · 0b137cc · 0b137cc
1 parent 258c103
commit 0b137cc
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 8 deletions.
diff --git a/db/Dockerfile b/db/Dockerfile
@@ -1,2 +1,7 @@
+# FROM registry.redhat.io/rhel8/postgresql-15:latest
 FROM docker.io/library/postgres:15
-COPY ./pgcrypto.sql /docker-entrypoint-initdb.d/
+
+ENTRYPOINT ["/usr/local/bin/cryostat-db-entrypoint.bash"]
+
+COPY ./pgcrypto.sql /docker-entrypoint-initdb.d/pgcrypto.sql
+COPY ./entrypoint.bash /usr/local/bin/cryostat-db-entrypoint.bash
diff --git a/db/entrypoint.bash b/db/entrypoint.bash
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+if [ "${DEBUG}" = "true" ]; then
+    set -xEeo pipefail
+fi
+
+if [ -z "${PG_ENCRYPT_KEY}" ]; then
+    echo "\$PG_ENCRYPT_KEY must be set and non-empty."
+    exit 1
+fi
+
+exec /usr/local/bin/docker-entrypoint.sh postgres -c encrypt.key="${PG_ENCRYPT_KEY}" "$@"
diff --git a/smoketest/compose/db.yml b/smoketest/compose/db.yml
@@ -9,13 +9,6 @@ services:
       QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://db:5432/cryostat3
   db:
     image: quay.io/cryostat/cryostat3-db:dev
-    build: ../../db
-    entrypoint:
-      - /usr/local/bin/docker-entrypoint.sh
-    command:
-      - postgres
-      - -c
-      - encrypt.key=REPLACEME
     hostname: db
     expose:
       - "5432"