Files
tfm_ainventory/backend/entrypoint.sh

45 lines
1.9 KiB
Bash
Executable File

#!/bin/bash
# =============================================================================
# backend/entrypoint.sh
# =============================================================================
# [D-07] Backend entrypoint - loads config from /app/config/ (YAML format)
# Config sources: /app/config/backend.yaml, /app/config/secrets.yaml, environment variables
# [D-06] Environment variables override YAML config (takes precedence)
# =============================================================================
set -euo pipefail
echo "🐳 [Docker] Backend container starting..."
echo "🐳 [Docker] DATA_DIR=${DATA_DIR:-/app/data}"
echo "🐳 [Docker] LOGS_DIR=${LOGS_DIR:-/app/logs}"
# Export defaults if not already set by docker-compose
export DATA_DIR="${DATA_DIR:-/app/data}"
export LOGS_DIR="${LOGS_DIR:-/app/logs}"
# Verify config is accessible
if [ ! -f "/app/config/backend.yaml" ]; then
echo "❌ [Docker] ERROR: /app/config/backend.yaml not found!"
echo "❌ [Docker] Config must be mounted from host at /app/config/ (read-only)"
echo "❌ [Docker] See config/README.md for setup instructions"
exit 1
fi
# Run shared first-run initialization
echo "🐳 [Docker] Running data initialization..."
bash /app/scripts/init_data.sh
# Fix permissions for mounted volumes (which might be root-owned by the host)
echo "🐳 [Docker] Fixing volume permissions..."
chown -R appuser:appuser "${DATA_DIR}" "${LOGS_DIR}"
chmod -R 770 "${DATA_DIR}" "${LOGS_DIR}"
# Verify logic: Ensure appuser can actually write before we hand off
echo "🐳 [Docker] Verifying directory writability..."
gosu appuser touch "${LOGS_DIR}/.startup_test" && rm "${LOGS_DIR}/.startup_test"
gosu appuser touch "${DATA_DIR}/.startup_test" && rm "${DATA_DIR}/.startup_test"
# Hand off to the application server as non-root user
echo "🐳 [Docker] Starting uvicorn as appuser..."
exec gosu appuser python -m uvicorn backend.main:app --host 0.0.0.0 --port 8000