Merge pull request 'feat: some docs and fixes to allow building in docker without secrets again' (#5007 ) from feat/docker-secrets into master

Reviewed-on: #5007
feat: some docs and fixes to allow building in docker without secrets again
2025-05-03 19:12:18 +00:00 · 2025-05-03 20:10:50 +01:00
3 changed files with 26 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -110,7 +110,25 @@ The pages can be built and served by running `./build.py`. Try `--help` for more

 ### Docker

-Simply running `docker compose run --service-ports build --serve` should build the webpages and make them available over localhost.
+The docker build process is in some ways designed for deployment. This means that it expects some environment variables to be set to function. Namely, it will try and load ssh credentials and git credentials, and docker does not support providing default values to these.
+
+So, to stub out this functionality, please set the environment variables
+`KEY_PRIVATE KEY_PASSWORD GIT_TOKEN` to equal `none` when running docker. One can set them for the shell session, an example in bash is seen below.
+
+```
+export KEY_PRIVATE=none;
+export KEY_PASSWORD=none;
+export GIT_TOKEN=none;
+```
+One can then run Docker commands like `docker compose ...`.
+
+Alternatively one can prefix the Docker commands with the required variables, like so
+```
+KEY_PRIVATE=none KEY_PASSWORD=none GIT_TOKEN=none docker compose
+```
+Once your preferred method has been chosen, simply running `docker compose run --service-ports build --serve` should build the webpages and make them available over localhost.
+
+
 Some more explanation: we are essentially just using docker as a way to provide dependencies and then running the build script. All flags after `build` are passed to `build.py`. The `service-ports` flag is required to open ports from the container for serving the output, not needed if not using the `--serve` flag of the build script.

 ## Githooks
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -4,13 +4,14 @@ set -euo pipefail
 # Ran from the volume of the website source mounted at /website-source

 # Load sshkeys
-if [ -f /run/secrets/KEY_PRIVATE ]; then
+if [ -f /run/secrets/KEY_PRIVATE ] && [ "$(cat /run/secrets/KEY_PRIVATE)" != "none" ]; then
+
 	# Start ssh-agent
 	eval "$(ssh-agent)"

 	# Create config file with required keys
 	mkdir -p ~/.ssh
-	echo "AddKeysToAgent yes" > ~/.ssh/config
+	echo "AddKeysToAgent yes" >~/.ssh/config
 	# Tighten permissions to keep ssh-add happy
 	chmod 400 /run/secrets/KEY_*
 	PASSWORD="$(cat "/run/secrets/KEY_PASSWORD")"
@ -31,7 +32,7 @@ else
 	echo "Secret not defined!"
 fi

-if [ -f /run/secrets/GIT_TOKEN ]; then
+if [ -f /run/secrets/GIT_TOKEN ] && [ "$(cat /run/secrets/GIT_TOKEN)" != "none" ]; then
 	export GIT_TOKEN="$(cat "/run/secrets/GIT_TOKEN")"
 fi

--- a/shell.nix
+++ b/shell.nix
@ -49,8 +49,8 @@ pkgs.mkShell {
  ];
  shellHook = ''
    export PIP_DISABLE_PIP_VERSION_CHECK=1;
-    python -m venv .venv
-    source .venv/bin/activate
-    pip install -r requirements.txt
+    python -m venv .venv;
+    source .venv/bin/activate;
+    pip install -r requirements.txt;
  '';
 }
Author	SHA1	Message	Date
delliott	4684fccb2b	Merge pull request 'feat: some docs and fixes to allow building in docker without secrets again' (#5007 ) from feat/docker-secrets into master All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #5007	2025-05-03 19:12:18 +00:00
Darragh Elliott	0c9f3b4369	feat: some docs and fixes to allow building in docker without secrets again All checks were successful continuous-integration/drone/pr Build is passing Details	2025-05-03 20:10:50 +01:00