Merge pull request #5001 from openstates/entrypoint-support-for-googl…

…e-credentials Fix usage of --archive in container by using entrypoint to handle GCP credentials
openstates · Aug 2, 2024 · ea99b54 · ea99b54
2 parents d8d053c + a40a73a
commit ea99b54
Show file tree

Hide file tree

Showing 4 changed files with 131 additions and 84 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -57,4 +57,6 @@ RUN poetry install \
 
 ENV OPENSSL_CONF=/opt/openstates/openstates/openssl.cnf
 
-ENTRYPOINT ["poetry", "run", "os-update"]
+# Entrypoint enables proper support of Google Application Credentials as env variable
+COPY docker_entrypoint.sh /opt/openstates/entrypoint.sh
+ENTRYPOINT ["/bin/bash", "/opt/openstates/entrypoint.sh"]
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+###
+# Entrypoint that sets up GOOGLE_APPLICATION_CREDENTIALS, if present
+#
+# This simple script:
+# 1. ensures any GOOGLE_APPLICATION_CREDENTIALS are correctly enabled
+# 2. Executes the actual CMD args passed to the container, using "poetry run os-update" as entrypoint
+#
+# Sometimes we want to be able to pass in Google Cloud Platform credentials as an environment variable,
+# but GCP libraries look for this to be saved as a file and for the env var to be a filepath.
+# Only intended to be used in docker containers
+###
+if [[ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]]; then
+    echo "Applying app credentials..."
+    echo "${GOOGLE_APPLICATION_CREDENTIALS}" > /creds.json
+    GOOGLE_APPLICATION_CREDENTIALS="/creds.json"
+    export GOOGLE_APPLICATION_CREDENTIALS
+elif [[ -n "${GOOGLE_CREDENTIAL_FILE}" ]]; then
+    echo "Assuming a valid credentials file is mounted at ${GOOGLE_CREDENTIAL_FILE}..."
+    GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_CREDENTIAL_FILE}
+    export GOOGLE_APPLICATION_CREDENTIALS
+fi
+
+# shellcheck disable=SC2048 disable=SC2086
+poetry run os-update $*