Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
378ed61002fbc1afbd925cc767f7d5f16a383691
CapaKraken/tooling/docker/app-dev-start.sh
T
Hartmut 78d50b78d3 fix: script portability and npm security updates 
Scripts:
- stop.sh: replace Linux-only fuser with cross-platform lsof fallback
- start.sh: parameterize port (APP_PORT) and container name (dynamic lookup)
- app-dev-start.sh: cross-platform stat (GNU -c / BSD -f) and setpriv/su fallback
- deploy-compose.sh: parameterize Docker registry via DOCKER_REGISTRY env var
- harden-postgres.sh: make DB_USER and DB_NAME configurable via env vars

NPM security:
- next: 15.5.12 → 15.5.15 (fixes HTTP request smuggling CVE)
- nodemailer: 8.0.1 → 8.0.5 (fixes SMTP command injection CVEs)
- lodash-es: add pnpm override to force >=4.18.0 (fixes code injection + prototype pollution)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 14:06:58 +02:00

45 lines
1.4 KiB
Bash
Raw Blame History

#!/bin/sh
set -eu
# Wait for postgres to be ready before running migrations
echo "Waiting for postgres..."
until pg_isready -h "${POSTGRES_HOST:-postgres}" -p "${POSTGRES_PORT:-5432}" -q; do
sleep 1
done
echo "Postgres is ready."
# Regenerate Prisma client (needed after bind-mount overlays the image layer)
pnpm --filter @capakraken/db db:generate
# Run pending migrations so a fresh checkout boots against a current schema
pnpm --filter @capakraken/db db:migrate:deploy
pnpm check:exports
pnpm check:imports
repo_home="/tmp/capakraken-dev-home"
# Cross-platform stat: GNU stat uses -c, BSD/macOS stat uses -f
if stat -c '%u' /app >/dev/null 2>&1; then
repo_uid="$(stat -c '%u' /app)"
repo_gid="$(stat -c '%g' /app)"
else
repo_uid="$(stat -f '%u' /app)"
repo_gid="$(stat -f '%g' /app)"
fi
mkdir -p /app/apps/web/.next
mkdir -p "$repo_home/.config/pnpm"
chown -R "$repo_uid:$repo_gid" /app/apps/web/.next
chown -R "$repo_uid:$repo_gid" "$repo_home"
# Cross-platform privilege drop: setpriv (Linux) or su (macOS/BSD)
if command -v setpriv >/dev/null 2>&1; then
exec setpriv --reuid="$repo_uid" --regid="$repo_gid" --clear-groups \
env HOME="$repo_home" XDG_CONFIG_HOME="$repo_home/.config" \
pnpm --filter @capakraken/web exec next dev -H 0.0.0.0 -p 3100
else
exec su -s /bin/sh "#${repo_uid}" -c \
"HOME='$repo_home' XDG_CONFIG_HOME='$repo_home/.config' pnpm --filter @capakraken/web exec next dev -H 0.0.0.0 -p 3100"
fi
Reference in New Issue View Git Blame Copy Permalink