Merge pull request #2261 from paperless-ngx/fix/2248-file-env-stuff

Bugfix: Reading environment from files didn't work for management commands

Dockerfile

@@ -165,6 +165,7 @@ COPY [ \
   "docker/docker-prepare.sh", \
   "docker/paperless_cmd.sh", \
   "docker/wait-for-redis.py", \
+  "docker/env-from-file.sh", \
   "docker/management_script.sh", \
   "docker/flower-conditional.sh", \
   "docker/install_management_commands.sh", \
@@ -184,6 +185,8 @@ RUN set -eux \
     && chmod 755 /sbin/docker-prepare.sh \
     && mv wait-for-redis.py /sbin/wait-for-redis.py \
     && chmod 755 /sbin/wait-for-redis.py \
+    && mv env-from-file.sh /sbin/env-from-file.sh \
+    && chmod 755 /sbin/env-from-file.sh \
     && mv paperless_cmd.sh /usr/local/bin/paperless_cmd.sh \
     && chmod 755 /usr/local/bin/paperless_cmd.sh \
     && mv flower-conditional.sh /usr/local/bin/flower-conditional.sh \

docker/docker-entrypoint.sh

@@ -2,37 +2,6 @@
 
 set -e
 
-# Adapted from:
-# https://github.com/docker-library/postgres/blob/master/docker-entrypoint.sh
-# usage: file_env VAR
-#    ie: file_env 'XYZ_DB_PASSWORD' will allow for "$XYZ_DB_PASSWORD_FILE" to
-# fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's
-# secrets feature
-file_env() {
-	local -r var="$1"
-	local -r fileVar="${var}_FILE"
-
-	# Basic validation
-	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
-		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-		exit 1
-	fi
-
-	# Only export var if the _FILE exists
-	if [ "${!fileVar:-}" ]; then
-		# And the file exists
-		if [[ -f ${!fileVar} ]]; then
-			echo "Setting ${var} from file"
-			val="$(< "${!fileVar}")"
-			export "$var"="$val"
-		else
-			echo "File ${!fileVar} doesn't exist"
-			exit 1
-		fi
-	fi
-
-}
-
 # Source: https://github.com/sameersbn/docker-gitlab/
 map_uidgid() {
 	local -r usermap_original_uid=$(id -u paperless)
@@ -96,19 +65,11 @@ custom_container_init() {
 initialize() {
 
 	# Setup environment from secrets before anything else
-	for env_var in \
+	# Check for a version of this var with _FILE appended
-		PAPERLESS_DBUSER \
+	# and convert the contents to the env var value
-		PAPERLESS_DBPASS \
+	# Source it so export is persistent
-		PAPERLESS_SECRET_KEY \
+	# shellcheck disable=SC1091
-		PAPERLESS_AUTO_LOGIN_USERNAME \
+	source /sbin/env-from-file.sh
-		PAPERLESS_ADMIN_USER \
-		PAPERLESS_ADMIN_MAIL \
-		PAPERLESS_ADMIN_PASSWORD \
-		PAPERLESS_REDIS; do
-		# Check for a version of this var with _FILE appended
-		# and convert the contents to the env var value
-		file_env ${env_var}
-	done
 
 	# Change the user and group IDs if needed
 	map_uidgid

docker/env-from-file.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Scans the environment variables for those with the suffix _FILE
+# When located, checks the file exists, and exports the contents
+# of the file as the same name, minus the suffix
+# This allows the use of Docker secrets or mounted files
+# to fill in any of the settings configurable via environment
+# variables
+
+set -eu
+
+for line in $(printenv)
+do
+	# Extract the name of the environment variable
+	env_name=${line%%=*}
+	# Check if it ends in "_FILE"
+	if [[ ${env_name} == *_FILE ]]; then
+		# Extract the value of the environment
+		env_value=${line#*=}
+
+		# Check the file exists
+		if [[ -f ${env_value} ]]; then
+
+			# Trim off the _FILE suffix
+			non_file_env_name=${env_name%"_FILE"}
+			echo "Setting ${non_file_env_name} from file"
+
+			# Reads the value from th file
+			val="$(< "${!env_name}")"
+
+			# Sets the normal name to the read file contents
+			export "${non_file_env_name}"="${val}"
+
+		else
+			echo "File ${env_value} doesn't exist"
+			exit 1
+		fi
+	fi
+done

docker/management_script.sh

@@ -3,6 +3,9 @@
 set -e
 
 cd /usr/src/paperless/src/
+# This ensures environment is setup
+# shellcheck disable=SC1091
+source /sbin/env-from-file.sh
 
 if [[ $(id -u) == 0 ]] ;
 then