gnutaler-docker/entrypoints/with-dbinit.sh

#!/usr/bin/env bash
set -euo pipefail

: "${PGHOST:=postgres}"
: "${PGPORT:=5432}"
: "${PGUSER:=postgres}"
: "${PGPASSWORD:=taler}"

if [[ -z "${DB_NAME:-}" ]]; then
  echo "DB_NAME not set; cannot run dbinit" >&2
  exit 1
fi

if [[ -z "${INIT_CMD:-}" ]]; then
  echo "INIT_CMD not set; cannot run dbinit" >&2
  exit 1
fi

SERVICE_CMD=("$@")

render_template() {
  local src="$1"
  local dst="$2"
  if [[ -f "${src}" ]]; then
    echo "Rendering template ${src} -> ${dst}"
    envsubst < "${src}" > "${dst}"
  fi
}

render_templates() {
  case "${SERVICE_CMD[0]:-}" in
    taler-exchange-httpd|taler-exchange-*)
      render_template /etc/taler/taler-exchange.conf.tmpl /etc/taler/taler-exchange.conf
      render_template /etc/taler/conf.d/99-exchange.conf.tmpl /etc/taler/conf.d/99-exchange.conf
      ;;
    taler-merchant-httpd|taler-merchant-*)
      render_template /etc/taler-merchant/merchant.conf.tmpl /etc/taler-merchant/merchant.conf
      ;;
    libeufin-bank)
      render_template /etc/libeufin/bank.conf.tmpl /etc/libeufin/bank.conf
      ;;
  esac
}

render_templates

wait_for_db() {
  echo "Waiting for Postgres at ${PGHOST}:${PGPORT}..."
  until pg_isready -h "${PGHOST}" -p "${PGPORT}" -U "${PGUSER}" >/dev/null 2>&1; do
    sleep 1
  done
}

db_has_tables() {
  local count
  count="$(psql -h "${PGHOST}" -p "${PGPORT}" -U "${PGUSER}" -d "${DB_NAME}" -Atc \
    "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='public';")"
  [[ "${count}" != "0" ]]
}

run_init() {
  if [[ "${SKIP_DBINIT:-}" == "1" ]]; then
    echo "SKIP_DBINIT=1 set; skipping dbinit for ${DB_NAME}"
    return
  fi

  echo "Running dbinit for ${DB_NAME}: ${INIT_CMD}"
  # shellcheck disable=SC2206
  init_arr=(${INIT_CMD})
  "${init_arr[@]}"
}

set_libeufin_admin_password() {
  # Only relevant for libeufin-bank service and if credentials are provided.
  if [[ "${SERVICE_CMD[0]:-}" != "libeufin-bank" ]]; then
    return
  fi
  if [[ -z "${LIBEUFIN_ADMIN_USER:-}" || -z "${LIBEUFIN_ADMIN_PASSWORD:-}" ]]; then
    return
  fi
  echo "Setting LibEuFin admin password for user ${LIBEUFIN_ADMIN_USER}"
  if ! printf "%s\n%s\n" "${LIBEUFIN_ADMIN_PASSWORD}" "${LIBEUFIN_ADMIN_PASSWORD}" | \
    libeufin-bank passwd "${LIBEUFIN_ADMIN_USER}" -c /etc/libeufin/bank.conf; then
    echo "Warning: failed to set LibEuFin admin password" >&2
  fi
}

ensure_libeufin_user() {
  # Create/update a non-admin bank user if configured.
  if [[ "${SERVICE_CMD[0]:-}" != "libeufin-bank" ]]; then
    return
  fi
  if [[ -z "${LIBEUFIN_USER:-}" || -z "${LIBEUFIN_USER_PASSWORD:-}" ]]; then
    return
  fi
  echo "Ensuring LibEuFin user ${LIBEUFIN_USER}"
  if ! libeufin-bank users add "${LIBEUFIN_USER}" --password "${LIBEUFIN_USER_PASSWORD}" \
    -c /etc/libeufin/bank.conf 2>/tmp/libeufin-add-user.log; then
    if grep -qi "already exists" /tmp/libeufin-add-user.log; then
      echo "LibEuFin user ${LIBEUFIN_USER} already exists; skipping creation."
    else
      echo "Warning: failed to ensure LibEuFin user ${LIBEUFIN_USER}" >&2
      cat /tmp/libeufin-add-user.log >&2
    fi
  fi
}

wait_for_db
if db_has_tables; then
  echo "Database ${DB_NAME} already initialized; skipping dbinit."
else
  run_init
fi
render_templates
set_libeufin_admin_password
ensure_libeufin_user

echo "Starting service command: ${SERVICE_CMD[*]}"
exec "${SERVICE_CMD[@]}"