#!/usr/bin/env bash # Smoke-test verify-prod-env.sh rejects insecure values. set -euo pipefail ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" TMP="$(mktemp)" trap 'rm -f "$TMP"' EXIT cat >"$TMP" <<'EOF' PUBLIC_HOST=example.com FE_PORT=8081 MINIO_API_PORT=19000 MINIO_CONSOLE_PORT=19001 MINIO_ROOT_USER=minio_user MINIO_ROOT_PASSWORD=long_random_minio_secret_value POSTGRES_USER=initiative POSTGRES_PASSWORD=long_random_postgres_secret POSTGRES_DB=initiatives JWT_SECRET=short MINIO_API_CORS_ALLOW_ORIGIN=* EOF if ENV_FILE="$TMP" "$ROOT/scripts/verify-prod-env.sh" >/dev/null 2>&1; then echo "FAIL: verify-prod-env.sh should reject short JWT_SECRET and CORS *" >&2 exit 1 fi cat >"$TMP" <<'EOF' PUBLIC_HOST=example.com FE_PORT=8081 MINIO_API_PORT=19000 MINIO_CONSOLE_PORT=19001 MINIO_ROOT_USER=minio_user MINIO_ROOT_PASSWORD=long_random_minio_secret_value POSTGRES_USER=initiative POSTGRES_PASSWORD=long_random_postgres_secret POSTGRES_DB=initiatives JWT_SECRET=this-is-a-valid-production-jwt-secret-32chars-min MINIO_API_CORS_ALLOW_ORIGIN=https://example.com EOF ENV_FILE="$TMP" "$ROOT/scripts/verify-prod-env.sh" >/dev/null echo "OK — verify-prod-env.sh accepts secure sample .env"