arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(test): split env config — .env (prod) vs .env.sandbox (sandbox)

Browse Source 
provisionSandbox.ts now loads its own .env.sandbox (via @std/dotenv loadSync)
instead of the shared .env, so prod (main.ts → .env) and sandbox
(provisionSandbox.ts → .env.sandbox) configs don't collide. .gitignore widened
to .env* (keeping .env.example tracked). .env.example rewritten to document the
two-file convention + the per-env kubectl secret sources, including the caveat
that a prod-seeded sandbox uses PROD's admin password.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Gabriel Radureau
2026-06-29 11:26:05 +02:00
parent 04281f0ab7
commit e4a7f99333
3 changed files with 27 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
test/.env.example
View File

@@ -1,19 +1,27 @@
# --- Production / default target (main.ts) ---
# Copy this template to one of:
# .env — production target, loaded by main.ts
# .env.sandbox — sandbox target, loaded by provisionSandbox.ts
# Both are gitignored. Never commit real secret values.
# --- Target ---
# prod: https://erp.arcodange.lab (.env)
# sandbox: https://erp-sandbox.arcodange.lab (.env.sandbox)
DOLIBARR_ADDRESS=https://erp.arcodange.lab
DOLI_DB_PASSWORD=
DOLI_ADMIN_LOGIN=admin
DOLI_ADMIN_PASSWORD=""
DOLI_DB_PASSWORD=""
ROOT_FOLDER=$HOME/erp
# --- Sandbox provisioning (provisionSandbox.ts) ---
# Point at the sandbox and reuse the DOLI_ADMIN_* vars above for the admin login.
# Populate from the erp-sandbox namespace secrets (see "Provision the sandbox" in
# README.md):
# DOLI_ADMIN_PASSWORD <- secret `secretkv` (-n erp-sandbox)
# DOLI_DB_PASSWORD <- secret `vso-db-credentials` (-n erp-sandbox)
# Override DOLIBARR_ADDRESS to the sandbox when running provisionSandbox.ts:
# DOLIBARR_ADDRESS=https://erp-sandbox.arcodange.lab
# Populate the passwords from the cluster secrets, e.g. (prod shown):
# DOLI_ADMIN_PASSWORD <- kubectl get secret secretkv -n erp -o jsonpath='{.data.DOLI_ADMIN_PASSWORD}' | base64 -d
# DOLI_DB_PASSWORD <- kubectl get secret vso-db-credentials -n erp -o jsonpath='{.data.password}' | base64 -d
#
# Optional: fix the new user's password (otherwise one is generated and only the
# API key is emitted). Never commit a real value here.
# NOTE for a sandbox SEEDED from prod (ops/sandbox/sandbox-lifecycle.sh): the seed
# clones prod's admin password into the sandbox, so .env.sandbox's
# DOLI_ADMIN_PASSWORD must be PROD's admin password (-n erp), not the sandbox
# secretkv. The DB password is the sandbox's own (-n erp-sandbox).
# Optional: fix the provisioned user's password (else one is generated and only
# the API key is emitted to .ai_agent_sandbox.key).
# AI_AGENT_SANDBOX_PASSWORD=""