diff --git a/backend/start-staging.sh b/backend/start-staging.sh index a8f62bc..c60b9c0 100755 --- a/backend/start-staging.sh +++ b/backend/start-staging.sh @@ -1,27 +1,16 @@ #!/bin/bash # rebreak-backend Staging — startet Nitro mit Infisical-Secrets. # -# Pattern: infisical login (universal-auth) → infisical run (--env=staging) -# spritzt secrets als process.env.X in den node-Prozess. -# Nitro's runtimeConfig (siehe nitro.config.ts) liest sie direkt — kein -# NUXT_*-Prefix-Mapping mehr nötig (jeder Key in nitro.config.ts hat -# `process.env.X ?? ""` als Default). -# -# Pfad-Konvention (Backyard-Layout, post-cutover): -# - Repo-Root: /srv/rebreak -# - Backend-Dir: /srv/rebreak/backend -# - Build-Output (deployt von scripts/deploy.sh): backend/.output-staging/server/index.mjs -# -# IMAP-Services (rebreak-imap-staging, rebreak-idle-staging) sind NICHT mehr -# Teil dieses Scripts — sie werden separat über ecosystem.config.js verwaltet -# (Mo's Scope, fährt unter /srv/rebreak/apps/rebreak/imap-{proxy,idle}/). +# Pattern: infisical login → infisical run --env=staging spritzt secrets als +# process.env.X. Innerhalb des wrappers mappen wir Infisical's Namen auf die +# Namen die unser Code erwartet (SUPABASE_KEY → SUPABASE_ANON_KEY, NUXT_X → X) +# UND auf NITRO_-Prefix-Names damit Nitro's runtimeConfig zur Laufzeit overrides. set -euo pipefail - source /etc/environment if [[ -z "${INFISICAL_CLIENT_ID:-}" || -z "${INFISICAL_CLIENT_SECRET:-}" ]]; then - echo "[start-staging] FEHLER: INFISICAL_CLIENT_ID / INFISICAL_CLIENT_SECRET nicht in /etc/environment" >&2 + echo "[start-staging] FEHLER: INFISICAL_CLIENT_ID / SECRET nicht gesetzt" >&2 exit 1 fi @@ -31,10 +20,7 @@ INFISICAL_TOKEN=$(infisical login \ --client-secret="${INFISICAL_CLIENT_SECRET}" \ --silent --plain 2>/dev/null) -if [[ -z "$INFISICAL_TOKEN" ]]; then - echo "[start-staging] FEHLER: Infisical login fehlgeschlagen" >&2 - exit 1 -fi +[[ -z "$INFISICAL_TOKEN" ]] && { echo "[start-staging] Infisical login fehlgeschlagen" >&2; exit 1; } export NODE_ENV=production export NITRO_PORT=3016 @@ -44,13 +30,39 @@ export PORT=3016 NODE_BIN="/root/.nvm/versions/node/v24.11.1/bin/node" INDEX_MJS="/srv/rebreak/backend/.output-staging/server/index.mjs" -if [[ ! -f "$INDEX_MJS" ]]; then - echo "[start-staging] FEHLER: $INDEX_MJS nicht gefunden — wurde deploy.sh ausgeführt?" >&2 - exit 1 -fi +[[ ! -f "$INDEX_MJS" ]] && { echo "[start-staging] FEHLER: $INDEX_MJS fehlt — deploy.sh laufen lassen" >&2; exit 1; } exec infisical run \ --projectId="${INFISICAL_PROJECT_ID:-14b11b35-ef59-4b8a-a16b-398f0cc3ad93}" \ --env=staging \ --token="$INFISICAL_TOKEN" \ - -- "$NODE_BIN" "$INDEX_MJS" + -- bash -c ' + set -e + # ─── Infisical-Name-Aliasing → Standard-Namen ────────────────────── + export SUPABASE_ANON_KEY="${SUPABASE_KEY:-${SUPABASE_ANON_KEY:-}}" + export SUPABASE_SERVICE_ROLE_KEY="${SUPABASE_SERVICE_KEY:-${SUPABASE_SERVICE_ROLE_KEY:-}}" + export OPENROUTER_API_KEY="${OPENROUTER_API_KEY:-${NUXT_OPENROUTER_API_KEY:-}}" + export GROQ_API_KEY="${GROQ_API_KEY:-${NUXT_GROQ_API_KEY:-}}" + export GOOGLE_API_KEY="${GOOGLE_API_KEY:-${NUXT_GOOGLE_API_KEY:-}}" + export DEEPGRAM_API_KEY="${DEEPGRAM_API_KEY:-${NUXT_DEEPGRAM_API_KEY:-}}" + export DATABASE_URL="${DATABASE_URL:-${NUXT_DATABASE_URL:-}}" + + # ─── NITRO_-Prefix für Runtime-Override des runtimeConfig ────────── + [[ -n "${SUPABASE_URL:-}" ]] && export NITRO_SUPABASE_URL="$SUPABASE_URL" && export NITRO_PUBLIC_SUPABASE_URL="$SUPABASE_URL" + [[ -n "${SUPABASE_ANON_KEY:-}" ]] && export NITRO_SUPABASE_ANON_KEY="$SUPABASE_ANON_KEY" && export NITRO_PUBLIC_SUPABASE_KEY="$SUPABASE_ANON_KEY" + [[ -n "${SUPABASE_SERVICE_ROLE_KEY:-}" ]] && export NITRO_SUPABASE_SERVICE_KEY="$SUPABASE_SERVICE_ROLE_KEY" + [[ -n "${DATABASE_URL:-}" ]] && export NITRO_DATABASE_URL="$DATABASE_URL" + [[ -n "${OPENROUTER_API_KEY:-}" ]] && export NITRO_OPENROUTER_API_KEY="$OPENROUTER_API_KEY" + [[ -n "${OPENAI_API_KEY:-}" ]] && export NITRO_OPENAI_API_KEY="$OPENAI_API_KEY" + [[ -n "${GROQ_API_KEY:-}" ]] && export NITRO_GROQ_API_KEY="$GROQ_API_KEY" + [[ -n "${GOOGLE_AI_API_KEY:-}" ]] && export NITRO_GOOGLE_AI_API_KEY="$GOOGLE_AI_API_KEY" + [[ -n "${GOOGLE_API_KEY:-}" ]] && export NITRO_GOOGLE_API_KEY="$GOOGLE_API_KEY" + [[ -n "${DEEPGRAM_API_KEY:-}" ]] && export NITRO_DEEPGRAM_API_KEY="$DEEPGRAM_API_KEY" + [[ -n "${CARTESIA_API_KEY:-}" ]] && export NITRO_CARTESIA_API_KEY="$CARTESIA_API_KEY" + [[ -n "${ELEVENLABS_API_KEY:-}" ]] && export NITRO_ELEVENLABS_API_KEY="$ELEVENLABS_API_KEY" + [[ -n "${JWT_SECRET:-}" ]] && export NITRO_JWT_SECRET="$JWT_SECRET" + [[ -n "${ENCRYPTION_KEY:-}" ]] && export NITRO_ENCRYPTION_KEY="$ENCRYPTION_KEY" + [[ -n "${ADMIN_SECRET:-}" ]] && export NITRO_ADMIN_SECRET="$ADMIN_SECRET" + + exec '"$NODE_BIN"' '"$INDEX_MJS"' + '