openclaw/clawdinators
openclaw/clawdinators
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
33755bec7a
clawdinators/scripts/bootstrap-runtime.sh
Josh Palmer 0445635ae6 infra: rebootstrap on prefix change 
- record bootstrap prefix in secrets dir

- reset secrets when prefix differs
2026-02-03 18:27:30 -08:00

79 lines
2.3 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
bucket="${1:?S3 bucket required}"
prefix="${2:?S3 prefix required}"
secrets_dir="${3:?Secrets dir required}"
override_file="${BOOTSTRAP_PREFIX_FILE:-/etc/clawdinator/bootstrap-prefix}"
if [ -f "${override_file}" ]; then
override_prefix="$(cat "${override_file}")"
if [ -n "${override_prefix}" ]; then
prefix="${override_prefix}"
fi
fi
repo_seeds_dir="${4:?Repo seeds dir required}"
age_key_path="${5:?Age key path required}"
secrets_archive="${6:-secrets.tar.zst}"
repo_seeds_archive="${7:-repo-seeds.tar.zst}"
sentinel="${secrets_dir}/.bootstrap-ok"
prefix_marker="${secrets_dir}/.bootstrap-prefix"
reset_secrets=false
if [ -f "${sentinel}" ]; then
if [ -f "${prefix_marker}" ]; then
existing_prefix="$(cat "${prefix_marker}" || true)"
if [ "${existing_prefix}" = "${prefix}" ]; then
echo "clawdinator-bootstrap: already initialized"
exit 0
fi
echo "clawdinator-bootstrap: prefix changed (${existing_prefix} -> ${prefix}); reinitializing"
reset_secrets=true
else
echo "clawdinator-bootstrap: prefix marker missing; reinitializing"
reset_secrets=true
fi
fi
s3_base="s3://${bucket}/${prefix}"
workdir="$(mktemp -d)"
cleanup() {
rm -rf "${workdir}"
}
trap cleanup EXIT
mkdir -p "${secrets_dir}" "${repo_seeds_dir}" "$(dirname "${age_key_path}")"
if [ "${reset_secrets}" = "true" ]; then
rm -f "${secrets_dir}"/*.age
rm -f "${sentinel}" "${prefix_marker}"
fi
aws s3 cp "${s3_base}/${secrets_archive}" "${workdir}/secrets.tar.zst" --only-show-errors
aws s3 cp "${s3_base}/${repo_seeds_archive}" "${workdir}/repo-seeds.tar.zst" --only-show-errors
tmp_secrets="${workdir}/secrets"
mkdir -p "${tmp_secrets}"
tar --zstd -xf "${workdir}/secrets.tar.zst" -C "${tmp_secrets}"
if [ ! -f "${tmp_secrets}/clawdinator.agekey" ]; then
echo "clawdinator-bootstrap: missing clawdinator.agekey in secrets archive" >&2
exit 1
fi
install -m 0400 "${tmp_secrets}/clawdinator.agekey" "${age_key_path}"
if [ ! -d "${tmp_secrets}/secrets" ]; then
echo "clawdinator-bootstrap: missing secrets/ directory in secrets archive" >&2
exit 1
fi
cp -a "${tmp_secrets}/secrets/." "${secrets_dir}/"
chmod -R u=rw,go= "${secrets_dir}" || true
tar --zstd -xf "${workdir}/repo-seeds.tar.zst" -C "${repo_seeds_dir}"
printf '%s' "${prefix}" > "${prefix_marker}"
touch "${sentinel}"
echo "clawdinator-bootstrap: done"
Reference in New Issue View Git Blame Copy Permalink