Add entrypoint for supporting loading secrets from _FILE env vars

2025-05-09 13:21:46 -04:00
parent acf79a9c69
commit 80ac0062d6
2 changed files with 19 additions and 2 deletions
--- a/6
+++ b/6
@@ -11,7 +11,7 @@ RUN python /install-poetry.py --yes --version ${POETRY_VERSION}
 ADD . /build
 WORKDIR /build

-RUN /root/.local/bin/poetry self add poetry-plugin-export
+RUN /root/.local/bin/poetry self add 'poetry-plugin-export<1.9'
 RUN /root/.local/bin/poetry export \
  --format requirements.txt \
  --output /build/requirements.txt \
@@ -35,6 +35,8 @@ RUN python -m pip install /tmp/wheels/*.whl \
  --disable-pip-version-check
 RUN rm -rf /tmp/wheels

-ENTRYPOINT ["s3cmd"]
+ADD entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

 CMD ["--help"]
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+if [ -z "$AWS_ACCESS_KEY_ID_FILE" ]; then
+  export AWS_ACCESS_KEY_ID
+  export AWS_ACCESS_KEY_ID=$(cat "$AWS_ACCESS_KEY_ID_FILE")
+fi
+
+if [ -z "$AWS_SECRET_ACCESS_KEY_FILE" ]; then
+  export AWS_SECRET_ACCESS_KEY
+  export AWS_SECRET_ACCESS_KEY=$(cat "$AWS_SECRET_ACCESS_KEY_FILE")
+fi
+
+s3cmd "$@"