Support supplied cert/key pair supplied as env vars

climatepolicyradar · Nov 1, 2023 · 2dff8bb · 2dff8bb
1 parent f5cf19e
commit 2dff8bb
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 2 deletions.
diff --git a/.env.example b/.env.example
@@ -13,6 +13,8 @@ VESPA_URL=https://localhost
 VESPA_SEARCH_MATCHES_PER_DOC=20
 VESPA_SECRETS_LOCATION=/secrets
 VESPA_SEARCH_LIMIT=150
+# VESPA_CERT=
+# VESPA_KEY=
 
 # Shared search config
 INDEX_ENCODER_CACHE_FOLDER=/models

diff --git a/Dockerfile b/Dockerfile
@@ -34,6 +34,7 @@ RUN pip3 install --no-cache -r requirements.txt
 
 # Download the sentence transformer model
 RUN mkdir /models
+RUN mkdir /secrets
 RUN python3 -c "from sentence_transformers import SentenceTransformer; SentenceTransformer('msmarco-distilbert-dot-v5', cache_folder='/models')"
 
 # Copy files to image
@@ -43,6 +44,7 @@ COPY app ./app
 COPY scripts ./scripts
 COPY LICENSE.md .
 COPY README.md .
+COPY startup.sh .
 
 ENV PYTHONPATH=/cpr-backend
-CMD python3 app/main.py
+CMD [ "/bin/bash", "/cpr-backend/startup.sh" ]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -46,7 +46,7 @@ services:
       context: ./
       dockerfile: Dockerfile
     image: navigator-backend
-    command: python app/main.py
+    command: /bin/bash /cpr-backend/startup.sh
     tty: true
     volumes:
       - ./:/cpr-backend/:cached

diff --git a/startup.sh b/startup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# base64 decode key/cert supplied in env vars
+if [ -n "${VESPA_CERT}" ]; then
+    echo "${VESPA_CERT}" openssl base64 -A -d > "${VESPA_SECRETS_LOCATION}/cert.pem"
+else
+    echo "No Vespa certificate supplied, skipping file creation"
+fi
+
+if [ -n "${VESPA_KEY}" ]; then
+    echo "${VESPA_KEY}" openssl base64 -A -d > "${VESPA_SECRETS_LOCATION}/key.pem"
+else
+    echo "No Vespa key supplied, skipping file creation"
+fi
+
+echo "Starting backend app"
+python3 app/main.py