arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'feat(test): split env config — .env (prod) vs .env.sandbox (sandbox)' (#17) from claude/test-env-sandbox-split into main

Browse Source
This commit was merged in pull request #17.
This commit is contained in:
arcodange
2026-06-29 11:26:39 +02:00
parent 04281f0ab7 e4a7f99333
commit 2154bf319e
3 changed files with 27 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
test/.env.example
View File

@@ -1,19 +1,27 @@
# --- Production / default target (main.ts) --- # Copy this template to one of:
# .env — production target, loaded by main.ts
# .env.sandbox — sandbox target, loaded by provisionSandbox.ts
# Both are gitignored. Never commit real secret values.
# --- Target ---
# prod: https://erp.arcodange.lab (.env)
# sandbox: https://erp-sandbox.arcodange.lab (.env.sandbox)
DOLIBARR_ADDRESS=https://erp.arcodange.lab DOLIBARR_ADDRESS=https://erp.arcodange.lab
DOLI_DB_PASSWORD=
DOLI_ADMIN_LOGIN=admin DOLI_ADMIN_LOGIN=admin
DOLI_ADMIN_PASSWORD="" DOLI_ADMIN_PASSWORD=""
DOLI_DB_PASSWORD=""
ROOT_FOLDER=$HOME/erp ROOT_FOLDER=$HOME/erp
# --- Sandbox provisioning (provisionSandbox.ts) --- # Populate the passwords from the cluster secrets, e.g. (prod shown):
# Point at the sandbox and reuse the DOLI_ADMIN_* vars above for the admin login. # DOLI_ADMIN_PASSWORD <- kubectl get secret secretkv -n erp -o jsonpath='{.data.DOLI_ADMIN_PASSWORD}' | base64 -d
# Populate from the erp-sandbox namespace secrets (see "Provision the sandbox" in # DOLI_DB_PASSWORD <- kubectl get secret vso-db-credentials -n erp -o jsonpath='{.data.password}' | base64 -d
# README.md):
# DOLI_ADMIN_PASSWORD <- secret `secretkv` (-n erp-sandbox)
# DOLI_DB_PASSWORD <- secret `vso-db-credentials` (-n erp-sandbox)
# Override DOLIBARR_ADDRESS to the sandbox when running provisionSandbox.ts:
# DOLIBARR_ADDRESS=https://erp-sandbox.arcodange.lab
# #
# Optional: fix the new user's password (otherwise one is generated and only the # NOTE for a sandbox SEEDED from prod (ops/sandbox/sandbox-lifecycle.sh): the seed
# API key is emitted). Never commit a real value here. # clones prod's admin password into the sandbox, so .env.sandbox's
# DOLI_ADMIN_PASSWORD must be PROD's admin password (-n erp), not the sandbox
# secretkv. The DB password is the sandbox's own (-n erp-sandbox).
# Optional: fix the provisioned user's password (else one is generated and only
# the API key is emitted to .ai_agent_sandbox.key).
# AI_AGENT_SANDBOX_PASSWORD="" # AI_AGENT_SANDBOX_PASSWORD=""

7
test/.gitignore vendored
View File

@@ -1,5 +1,6 @@
# Secrets — never commit. The root .gitignore already covers .env and *.key; # Secrets — never commit. Covers .env (prod, main.ts) and .env.sandbox
# this is defense-in-depth for the provisioning POC. # (sandbox, provisionSandbox.ts), plus any generated *.key.
.env .env*
!.env.example
.ai_agent_sandbox.key .ai_agent_sandbox.key
*.key *.key

4
test/provisionSandbox.ts
View File

@@ -1,4 +1,6 @@
import "load_dotenv"; import { loadSync } from "jsr:@std/dotenv";
// Sandbox provisioning loads its OWN .env.sandbox; prod config stays in .env (main.ts).
loadSync({ envPath: ".env.sandbox", export: true });
import { chromium } from "playwright"; import { chromium } from "playwright";
import path from "node:path"; import path from "node:path";
import login from "./scripts/login.ts"; import login from "./scripts/login.ts";