From 80ac0062d6b0d1cb9b1f468764cd331da1d0c29c Mon Sep 17 00:00:00 2001
From: Ethan Paul <e@enp.one>
Date: Fri, 9 May 2025 13:21:46 -0400
Subject: [PATCH] Add entrypoint for supporting loading secrets from _FILE env
 vars

---
 Containerfile |  6 ++++--
 entrypoint.sh | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100755 entrypoint.sh

diff --git a/Containerfile b/Containerfile
index 5f55d22..1ae842e 100644
--- a/Containerfile
+++ b/Containerfile
@@ -11,7 +11,7 @@ RUN python /install-poetry.py --yes --version ${POETRY_VERSION}
 ADD . /build
 WORKDIR /build
 
-RUN /root/.local/bin/poetry self add poetry-plugin-export
+RUN /root/.local/bin/poetry self add 'poetry-plugin-export<1.9'
 RUN /root/.local/bin/poetry export \
   --format requirements.txt \
   --output /build/requirements.txt \
@@ -35,6 +35,8 @@ RUN python -m pip install /tmp/wheels/*.whl \
   --disable-pip-version-check
 RUN rm -rf /tmp/wheels
 
-ENTRYPOINT ["s3cmd"]
+ADD entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
 
 CMD ["--help"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..3d225da
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+if [ -z "$AWS_ACCESS_KEY_ID_FILE" ]; then
+  export AWS_ACCESS_KEY_ID
+  export AWS_ACCESS_KEY_ID=$(cat "$AWS_ACCESS_KEY_ID_FILE")
+fi
+
+if [ -z "$AWS_SECRET_ACCESS_KEY_FILE" ]; then
+  export AWS_SECRET_ACCESS_KEY
+  export AWS_SECRET_ACCESS_KEY=$(cat "$AWS_SECRET_ACCESS_KEY_FILE")
+fi
+
+s3cmd "$@"