#!/bin/sh
# Container startup script: prepares SSH access, git identity, git push
# credentials and frontend dependencies, then execs the command passed as
# arguments.
set -e

# ── SSH authorized key ────────────────────────────────────────────────
# HUSKIES_SSH_PUBKEY is set by `new project` when it generates a keypair.
# Install it as the only entry in authorized_keys so the user can connect
# with the matching private key stored at ~/.huskies/<project>/id_ed25519
# on the host.
#
# The file is overwritten (not appended to) on every start, so a key from an
# earlier run does not linger. The 700/600 modes matter: with StrictModes
# (the OpenSSH default) sshd refuses keys kept in files or directories that
# other users can write to.
if [ -n "$HUSKIES_SSH_PUBKEY" ]; then
  _ssh_dir=/home/huskies/.ssh
  _auth_keys="$_ssh_dir/authorized_keys"

  mkdir -p "$_ssh_dir"
  chmod 700 "$_ssh_dir"
  printf '%s\n' "$HUSKIES_SSH_PUBKEY" > "$_auth_keys"
  chmod 600 "$_auth_keys"

  unset _ssh_dir _auth_keys
fi

# ── SSH daemon ────────────────────────────────────────────────────────
# Start sshd in the background so the container accepts SSH connections.
# -D keeps sshd in the foreground of its own job; -e sends its log to stderr
# so it shows up in the container log.
# Uses sudo (huskies has NOPASSWD for /usr/sbin/sshd in sudoers.d).
#
# NOTE(review): `set -e` does not apply to a background job, so a sshd that
# fails to start is only visible in the stderr log.
# NOTE(review): confirm the sudoers rule is pinned to this exact command line
# (`/usr/sbin/sshd -D -e`). A rule that matches any arguments would let the
# unprivileged user start a root-owned sshd with options of their choosing.
sudo /usr/sbin/sshd -D -e &
# ── Git identity ─────────────────────────────────────────────────────
# Agents commit code inside the container. Without a git identity,
# commits fail or use garbage defaults. Both variables are required;
# a missing one aborts startup with a message on stderr so the operator
# knows immediately.
[ -n "$GIT_USER_NAME" ] || {
  echo "FATAL: GIT_USER_NAME is not set. Export it in your environment or docker-compose.yml." >&2
  exit 1
}
[ -n "$GIT_USER_EMAIL" ] || {
  echo "FATAL: GIT_USER_EMAIL is not set. Export it in your environment or docker-compose.yml." >&2
  exit 1
}

# Name: written to the global git config so it persists for all shells
# (docker exec, etc.), not just the entrypoint process tree; also exported
# as env vars for backwards compatibility.
git config --global user.name "$GIT_USER_NAME"
export GIT_AUTHOR_NAME="$GIT_USER_NAME"
export GIT_COMMITTER_NAME="$GIT_USER_NAME"

# Email: same treatment as the name.
git config --global user.email "$GIT_USER_EMAIL"
export GIT_AUTHOR_EMAIL="$GIT_USER_EMAIL"
export GIT_COMMITTER_EMAIL="$GIT_USER_EMAIL"
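# ── Git credential helper (HTTPS push) ────────────────────────────────────
# If GIT_PUSH_TOKEN is supplied at container creation time, configure git's
# built-in credential store so `git push` over HTTPS authenticates without
# user interaction. GIT_CLONE_URL provides the scheme and host used as the
# key in ~/.git-credentials.
#
# Security notes:
#   * `credential.helper store` keeps the token unencrypted on disk, readable
#     by anything that runs as the huskies user. Give the token the narrowest
#     scope and shortest lifetime that still allows pushing.
#   * The file is created under umask 077, so the token is never readable by
#     other users, not even between creation and the chmod below.
#   * Only http:// and https:// URLs are accepted. Any other form (for
#     example an scp-style SSH remote) would yield a malformed entry, so it
#     is skipped with a warning instead.

# Print the ~/.git-credentials line for clone URL $1 and token $2.
# Returns 1 and prints nothing when $1 is not an http(s) URL or has no host.
_git_credential_line() {
  case "$1" in
    https://*) _scheme=https ;;
    http://*) _scheme=http ;;
    *) return 1 ;;
  esac
  _host=${1#*://}     # drop the scheme
  _host=${_host%%/*}  # keep only the authority part
  _host=${_host##*@}  # drop any user@ prefix so the stored entry is a well-formed URL
  [ -n "$_host" ] || return 1
  printf '%s://x-access-token:%s@%s\n' "$_scheme" "$2" "$_host"
}

if [ -n "$GIT_PUSH_TOKEN" ] && [ -n "$GIT_CLONE_URL" ]; then
  if _cred_line=$(_git_credential_line "$GIT_CLONE_URL" "$GIT_PUSH_TOKEN"); then
    case "$GIT_CLONE_URL" in
      http://*)
        echo "WARNING: GIT_CLONE_URL uses http://; GIT_PUSH_TOKEN will be sent unencrypted on push." >&2
        ;;
    esac
    git config --global credential.helper store
    # The subshell keeps the restrictive umask from leaking into the rest of
    # the script and into the exec'd command.
    ( umask 077 && printf '%s\n' "$_cred_line" > /home/huskies/.git-credentials )
    # Still needed: a file left over from an earlier start keeps its old mode.
    chmod 600 /home/huskies/.git-credentials
  else
    echo "WARNING: GIT_CLONE_URL is not an http(s) URL; skipping git credential store setup." >&2
  fi
  unset _cred_line
fi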
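# ── Frontend native deps ────────────────────────────────────────────
# The project repo is bind-mounted from the host, so node_modules/
# may contain native binaries for the wrong platform (e.g. darwin
# binaries on a Linux container). Reinstall to get the right ones.
#
# The install stays best-effort: a failure does not stop the container.
# It is no longer silent, though. npm's own error output is kept
# (--loglevel=error drops only the lower-priority noise) and a warning is
# written to stderr, so the operator can tell that node_modules may still
# hold binaries for the wrong platform.
#
# NOTE(review): `npm ci` runs the install scripts of the dependency tree in
# the bind-mounted repo, in a shell that already holds GIT_PUSH_TOKEN and
# ~/.git-credentials. Treat the lockfile as trusted input and keep the token
# narrowly scoped.
if [ -d /workspace/frontend ] && [ -f /workspace/frontend/package.json ]; then
  echo "Installing frontend dependencies for container platform..."
  if ! ( cd /workspace/frontend && npm ci --prefer-offline --loglevel=error ); then
    echo "WARNING: npm ci failed in /workspace/frontend; node_modules may contain binaries for the wrong platform." >&2
  fi
  # The command exec'd below starts in /workspace.
  cd /workspace
fi

# Hand over to the command given as arguments; it replaces this shell, so
# signals sent to the container reach it directly.
exec "$@"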