Implement support for custom passwords in Docker builds by introducing .piscal-build.env file. Update build scripts to load environment variables from this file, enhancing security and flexibility. Revise README documentation to reflect new password handling options.
@@ -48,6 +48,7 @@ piscal
|
||||
# Credential files (SECURITY - never commit these)
|
||||
credentials.txt
|
||||
passwords.txt
|
||||
.piscal-build.env
|
||||
*.secrets
|
||||
*.key
|
||||
*.pem
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
# Copy to .piscal-build.env and set your production password.
|
||||
# .piscal-build.env is gitignored - never commit it.
|
||||
#
|
||||
# PISCAL_SSH_PASSWORD=your_secure_password
|
||||
+22
-7
@@ -94,16 +94,31 @@ The image uses the v1 layout expected by the LeafWeb client:
|
||||
|
||||
## Advanced Usage
|
||||
|
||||
### Custom Credentials at Build Time
|
||||
### Baking In a Production Password
|
||||
|
||||
If you need different credentials, use Docker build arguments:
|
||||
To use a custom password without passing it on the command line:
|
||||
|
||||
**Option 1: `.piscal-build.env` (recommended)**
|
||||
|
||||
```bash
|
||||
docker build \
|
||||
--build-arg SSH_USERNAME=customuser \
|
||||
--build-arg SSH_PASSWORD=custompass \
|
||||
-t piscal:custom \
|
||||
.
|
||||
cp .piscal-build.env.example .piscal-build.env
|
||||
# Edit .piscal-build.env and set: PISCAL_SSH_PASSWORD=your_secure_password
|
||||
./build-docker.sh # or .\build-docker.ps1
|
||||
```
|
||||
|
||||
The build scripts automatically load `.piscal-build.env` (gitignored) and pass the password to the Docker build.
|
||||
|
||||
**Option 2: Environment variable**
|
||||
|
||||
```bash
|
||||
export PISCAL_SSH_PASSWORD="your_secure_password"
|
||||
./build-docker.sh
|
||||
```
|
||||
|
||||
**Option 3: Direct build-arg**
|
||||
|
||||
```bash
|
||||
docker build --build-arg SSH_PASSWORD=custompass -t piscal:custom .
|
||||
```
|
||||
|
||||
### Custom Storage Path
|
||||
|
||||
@@ -27,6 +27,8 @@ ssh -p 2222 piscaladmin@localhost
|
||||
# Password: piscaladmin
|
||||
```
|
||||
|
||||
For production builds with a custom password, copy `.piscal-build.env.example` to `.piscal-build.env` and set `PISCAL_SSH_PASSWORD`. See [README-Docker.md](README-Docker.md).
|
||||
|
||||
### Full Docker Documentation
|
||||
|
||||
See [README-Docker.md](README-Docker.md) for complete Docker build and deployment documentation, including:
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
# TODO
|
||||
|
||||
- [ ] **LeafWeb_storage sunset** – Migrate away from the LeafWeb_storage directory (input/output files) to SQL-backed storage. Data can be reconstituted from SQL as needed.
|
||||
+25
-10
@@ -3,6 +3,15 @@
|
||||
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
# Load password from .piscal-build.env if it exists (gitignored)
|
||||
if (Test-Path .piscal-build.env) {
|
||||
Get-Content .piscal-build.env | ForEach-Object {
|
||||
if ($_ -match '^\s*([^#][^=]+)=(.*)$') {
|
||||
[Environment]::SetEnvironmentVariable($matches[1].Trim(), $matches[2].Trim(), 'Process')
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Generate version tag: YYYYMMDD-gitsha
|
||||
$DateTag = Get-Date -Format "yyyyMMdd"
|
||||
$GitSha = (git rev-parse --short HEAD).Trim()
|
||||
@@ -12,12 +21,12 @@ Write-Host "Building PISCAL Docker image..." -ForegroundColor Cyan
|
||||
Write-Host "Version: $Version" -ForegroundColor Cyan
|
||||
Write-Host ""
|
||||
|
||||
# Build with version tag and latest tag (using default ARGs for dev)
|
||||
docker build `
|
||||
-t "piscal:$Version" `
|
||||
-t piscal:latest `
|
||||
-t piscal:dev `
|
||||
.
|
||||
# Build args: use PISCAL_SSH_PASSWORD if set (from env or .piscal-build.env)
|
||||
$BuildArgs = @("-t", "piscal:$Version", "-t", "piscal:latest", "-t", "piscal:dev")
|
||||
if ($env:PISCAL_SSH_PASSWORD) {
|
||||
$BuildArgs += "--build-arg", "SSH_PASSWORD=$($env:PISCAL_SSH_PASSWORD)"
|
||||
}
|
||||
docker build @BuildArgs .
|
||||
|
||||
if ($LASTEXITCODE -eq 0) {
|
||||
Write-Host ""
|
||||
@@ -26,15 +35,21 @@ if ($LASTEXITCODE -eq 0) {
|
||||
Write-Host " - piscal:latest" -ForegroundColor Green
|
||||
Write-Host " - piscal:dev" -ForegroundColor Green
|
||||
Write-Host ""
|
||||
Write-Host "Default credentials (v1 layout):" -ForegroundColor Cyan
|
||||
Write-Host " Username: piscaladmin" -ForegroundColor Cyan
|
||||
Write-Host " Password: piscaladmin" -ForegroundColor Cyan
|
||||
if ($env:PISCAL_SSH_PASSWORD) {
|
||||
Write-Host "Credentials (from PISCAL_SSH_PASSWORD / .piscal-build.env):" -ForegroundColor Cyan
|
||||
Write-Host " Username: piscaladmin" -ForegroundColor Cyan
|
||||
Write-Host " Password: (custom)" -ForegroundColor Cyan
|
||||
} else {
|
||||
Write-Host "Default credentials (v1 layout):" -ForegroundColor Cyan
|
||||
Write-Host " Username: piscaladmin" -ForegroundColor Cyan
|
||||
Write-Host " Password: piscaladmin" -ForegroundColor Cyan
|
||||
}
|
||||
Write-Host " LeafWeb: /home/piscaladmin/LeafWeb (scripts + project dirs)" -ForegroundColor Cyan
|
||||
Write-Host " Storage: /home/piscaladmin/LeafWeb_storage" -ForegroundColor Cyan
|
||||
Write-Host " Executable: /home/piscaladmin/piscal_executable/piscal" -ForegroundColor Cyan
|
||||
Write-Host ""
|
||||
Write-Host "To run: docker run -d -p 2222:22 --name piscal-server piscal:latest" -ForegroundColor Yellow
|
||||
Write-Host "To SSH: ssh -p 2222 piscaladmin@localhost (password: piscaladmin)" -ForegroundColor Yellow
|
||||
Write-Host "To SSH: ssh -p 2222 piscaladmin@localhost" -ForegroundColor Yellow
|
||||
} else {
|
||||
Write-Host "Build failed!" -ForegroundColor Red
|
||||
exit $LASTEXITCODE
|
||||
|
||||
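Review bot: The password still reaches `docker build` as `--build-arg SSH_PASSWORD=...` (the `$BuildArgs +=` line here, and `BUILD_ARGS+=(...)` in build-docker.sh), so it is on the docker client's command line even though the README says "without passing it on the command line". Build-arg values are also normally recoverable from image metadata with `docker history`. The Dockerfile is not shown on this page, so how `SSH_PASSWORD` is consumed is an assumption; if it is an `ARG` used in a `RUN` step, anyone who can pull the image can likely read the password. Consider a BuildKit secret instead: pass `--secret id=ssh_password,env=PISCAL_SSH_PASSWORD` from both scripts and read it in the Dockerfile with `RUN --mount=type=secret,id=ssh_password`. At minimum, add a comment above the build-arg line such as `# NOTE: build args are recorded in image history; do not push images built with a custom password to a shared registry`.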
+24
-10
@@ -3,6 +3,13 @@
|
||||
|
||||
set -e
|
||||
|
||||
# Load password from .piscal-build.env if it exists (gitignored)
|
||||
if [ -f .piscal-build.env ]; then
|
||||
set -a
|
||||
source .piscal-build.env
|
||||
set +a
|
||||
fi
|
||||
|
||||
# Generate version tag: YYYYMMDD-gitsha
|
||||
DATE_TAG=$(date +%Y%m%d)
|
||||
GIT_SHA=$(git rev-parse --short HEAD)
|
||||
@@ -12,12 +19,13 @@ echo "Building PISCAL Docker image..."
|
||||
echo "Version: ${VERSION}"
|
||||
echo ""
|
||||
|
||||
# Build with version tag and latest tag (using default ARGs for dev)
|
||||
docker build \
|
||||
-t piscal:${VERSION} \
|
||||
-t piscal:latest \
|
||||
-t piscal:dev \
|
||||
.
|
||||
# Build args: use PISCAL_SSH_PASSWORD if set (from env or .piscal-build.env)
|
||||
BUILD_ARGS=(-t "piscal:${VERSION}" -t piscal:latest -t piscal:dev)
|
||||
if [ -n "${PISCAL_SSH_PASSWORD:-}" ]; then
|
||||
BUILD_ARGS+=(--build-arg "SSH_PASSWORD=${PISCAL_SSH_PASSWORD}")
|
||||
fi
|
||||
|
||||
docker build "${BUILD_ARGS[@]}" .
|
||||
|
||||
echo ""
|
||||
echo "Successfully built:"
|
||||
@@ -25,12 +33,18 @@ echo " - piscal:${VERSION}"
|
||||
echo " - piscal:latest"
|
||||
echo " - piscal:dev"
|
||||
echo ""
|
||||
echo "Default credentials (v1 layout):"
|
||||
echo " Username: piscaladmin"
|
||||
echo " Password: piscaladmin"
|
||||
if [ -n "${PISCAL_SSH_PASSWORD:-}" ]; then
|
||||
echo "Credentials (from PISCAL_SSH_PASSWORD / .piscal-build.env):"
|
||||
echo " Username: piscaladmin"
|
||||
echo " Password: (custom)"
|
||||
else
|
||||
echo "Default credentials (v1 layout):"
|
||||
echo " Username: piscaladmin"
|
||||
echo " Password: piscaladmin"
|
||||
fi
|
||||
echo " LeafWeb: /home/piscaladmin/LeafWeb (scripts + project dirs)"
|
||||
echo " Storage: /home/piscaladmin/LeafWeb_storage"
|
||||
echo " Executable: /home/piscaladmin/piscal_executable/piscal"
|
||||
echo ""
|
||||
echo "To run: docker run -d -p 2222:22 --name piscal-server piscal:latest"
|
||||
echo "To SSH: ssh -p 2222 piscaladmin@localhost (password: piscaladmin)"
|
||||
echo "To SSH: ssh -p 2222 piscaladmin@localhost"
|
||||
|
||||
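Review bot: `source .piscal-build.env` runs the file as shell code, so any command in it executes, and a password containing `$`, backticks, spaces or quotes is expanded, split or unquoted by the shell. build-docker.ps1 takes the text after `=` literally, so the same file can yield different passwords on the two platforms. `set -a` also exports every variable the file defines, not only `PISCAL_SSH_PASSWORD`. Reading the file as data and accepting only that one key keeps the two scripts consistent; the sketch below does this and also strips a trailing carriage return in case the file was edited on Windows. The rest of the script lies outside these hunks.

```shell
# Load only PISCAL_SSH_PASSWORD from .piscal-build.env (gitignored).
# The file is read as data, never executed, and the value is taken literally.
if [ -f .piscal-build.env ]; then
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%$'\r'}
    case "$line" in
      PISCAL_SSH_PASSWORD=*)
        export PISCAL_SSH_PASSWORD="${line#PISCAL_SSH_PASSWORD=}"
        ;;
    esac
  done < .piscal-build.env
fi
# … unchanged: version tag generation and docker build …
```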