44 lines
1.2 KiB
Bash
Executable File
44 lines
1.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Smoke-test verify-prod-env.sh rejects insecure values.
|
|
set -euo pipefail
|
|
|
|
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
TMP="$(mktemp)"
|
|
trap 'rm -f "$TMP"' EXIT
|
|
|
|
cat >"$TMP" <<'EOF'
|
|
PUBLIC_HOST=example.com
|
|
FE_PORT=8081
|
|
MINIO_API_PORT=19000
|
|
MINIO_CONSOLE_PORT=19001
|
|
MINIO_ROOT_USER=minio_user
|
|
MINIO_ROOT_PASSWORD=long_random_minio_secret_value
|
|
POSTGRES_USER=initiative
|
|
POSTGRES_PASSWORD=long_random_postgres_secret
|
|
POSTGRES_DB=initiatives
|
|
JWT_SECRET=short
|
|
MINIO_API_CORS_ALLOW_ORIGIN=*
|
|
EOF
|
|
|
|
if ENV_FILE="$TMP" "$ROOT/scripts/verify-prod-env.sh" >/dev/null 2>&1; then
|
|
echo "FAIL: verify-prod-env.sh should reject short JWT_SECRET and CORS *" >&2
|
|
exit 1
|
|
fi
|
|
|
|
cat >"$TMP" <<'EOF'
|
|
PUBLIC_HOST=example.com
|
|
FE_PORT=8081
|
|
MINIO_API_PORT=19000
|
|
MINIO_CONSOLE_PORT=19001
|
|
MINIO_ROOT_USER=minio_user
|
|
MINIO_ROOT_PASSWORD=long_random_minio_secret_value
|
|
POSTGRES_USER=initiative
|
|
POSTGRES_PASSWORD=long_random_postgres_secret
|
|
POSTGRES_DB=initiatives
|
|
JWT_SECRET=this-is-a-valid-production-jwt-secret-32chars-min
|
|
MINIO_API_CORS_ALLOW_ORIGIN=https://example.com
|
|
EOF
|
|
|
|
ENV_FILE="$TMP" "$ROOT/scripts/verify-prod-env.sh" >/dev/null
|
|
echo "OK — verify-prod-env.sh accepts secure sample .env"
|