Merge pull request #61 from docksal/develop

Release 1.9.0
docksal · Apr 7, 2020 · e579f33 · e579f33
2 parents fcfbb27 + 01869e5
commit e579f33
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -431,3 +431,7 @@ REMOTE_BUILD_DIR_CLEANUP=0
 
 Such environments can be used for non-critical production-ish workloads, whenever an on-demand delayed start 
 (5-10s delay) is not a concern.
+
+## Feature: Secrets in environment variables
+
+It is best security practice not to store secrets such as API keys in a code repository. Many CI systems already have the ability to set such environment variables during the build process. Any environment variables set at build time whose name starts with `SECRET_` will be forwarded as-is to the built environment.
diff --git a/base/bin/build-env b/base/bin/build-env
@@ -3,11 +3,15 @@
 # Configures build environment variables
 # This file should be sources at the beginning of a build
 #
-# Usage source build-env
+# Usage: source build-env
 
 # IMPORTANT: This script is sourced in the build environment.
 # Any settings set here using set/trap/etc. will propagate to all build steps.
 
+# Ensure this script is sourced
+# Credit: https://stackoverflow.com/a/28776166
+(return 0 2>/dev/null) || (echo "This script must be sourced! (source build-env)"; exit 1)
+
 # -------------------- Constants -------------------- #
 
 DEBUG=${DEBUG:-0}  # `DEBUG=1 build-env` to run with debugging turned ON

diff --git a/base/bin/build-init b/base/bin/build-init
@@ -94,13 +94,11 @@ fi
 # inject each variable/value pair into docksal-$BUILD_ENVIRONMENT.env. This allows you to
 # add secure variables to your project's repository that can be injected into
 # each sandbox environment.
-secrets="$(compgen -A variable | grep '^SECRET_')" || true
-if [[ "${secrets}" != "" ]]; then
+if secrets=$(compgen -v | grep '^SECRET_'); then
 	echo "Passing build secrets to sandbox..."
-	for secret in "$secrets"
-	do
-		build-exec "fin config set $secret='${!secret}' --env=${BUILD_ENVIRONMENT}"
-	done
+	while read secret; do
+		build-exec "fin config set ${secret}='${!secret}' --env=${BUILD_ENVIRONMENT}"
+	done <<< "${secrets}"
 fi
 
 set +e
diff --git a/php/Dockerfile b/php/Dockerfile
@@ -5,6 +5,7 @@ USER root
 
 RUN set -xe; \
 	apk add --update --no-cache \
+		mysql-client \
 		php7 \
 		php7-ctype \
 		php7-curl \
@@ -13,6 +14,7 @@ RUN set -xe; \
 		php7-json \
 		php7-mbstring \
 		php7-openssl \
+		php7-pdo_mysql \
 		php7-phar \
 		php7-posix \
 		php7-simplexml \

diff --git a/tests/php-modules.txt b/tests/php-modules.txt
@@ -10,8 +10,11 @@ hash
 json
 libxml
 mbstring
+mysqlnd
 openssl
 pcre
+PDO
+pdo_mysql
 Phar
 posix
 readline