feat(test): split env config — .env (prod) vs .env.sandbox (sandbox) #17
@@ -1,19 +1,27 @@
|
|||||||
# --- Production / default target (main.ts) ---
|
# Copy this template to one of:
|
||||||
|
# .env — production target, loaded by main.ts
|
||||||
|
# .env.sandbox — sandbox target, loaded by provisionSandbox.ts
|
||||||
|
# Both are gitignored. Never commit real secret values.
|
||||||
|
|
||||||
|
# --- Target ---
|
||||||
|
# prod: https://erp.arcodange.lab (.env)
|
||||||
|
# sandbox: https://erp-sandbox.arcodange.lab (.env.sandbox)
|
||||||
DOLIBARR_ADDRESS=https://erp.arcodange.lab
|
DOLIBARR_ADDRESS=https://erp.arcodange.lab
|
||||||
DOLI_DB_PASSWORD=
|
|
||||||
DOLI_ADMIN_LOGIN=admin
|
DOLI_ADMIN_LOGIN=admin
|
||||||
DOLI_ADMIN_PASSWORD=""
|
DOLI_ADMIN_PASSWORD=""
|
||||||
|
DOLI_DB_PASSWORD=""
|
||||||
ROOT_FOLDER=$HOME/erp
|
ROOT_FOLDER=$HOME/erp
|
||||||
|
|
||||||
# --- Sandbox provisioning (provisionSandbox.ts) ---
|
# Populate the passwords from the cluster secrets, e.g. (prod shown):
|
||||||
# Point at the sandbox and reuse the DOLI_ADMIN_* vars above for the admin login.
|
# DOLI_ADMIN_PASSWORD <- kubectl get secret secretkv -n erp -o jsonpath='{.data.DOLI_ADMIN_PASSWORD}' | base64 -d
|
||||||
# Populate from the erp-sandbox namespace secrets (see "Provision the sandbox" in
|
# DOLI_DB_PASSWORD <- kubectl get secret vso-db-credentials -n erp -o jsonpath='{.data.password}' | base64 -d
|
||||||
# README.md):
|
|
||||||
# DOLI_ADMIN_PASSWORD <- secret `secretkv` (-n erp-sandbox)
|
|
||||||
# DOLI_DB_PASSWORD <- secret `vso-db-credentials` (-n erp-sandbox)
|
|
||||||
# Override DOLIBARR_ADDRESS to the sandbox when running provisionSandbox.ts:
|
|
||||||
# DOLIBARR_ADDRESS=https://erp-sandbox.arcodange.lab
|
|
||||||
#
|
#
|
||||||
# Optional: fix the new user's password (otherwise one is generated and only the
|
# NOTE for a sandbox SEEDED from prod (ops/sandbox/sandbox-lifecycle.sh): the seed
|
||||||
# API key is emitted). Never commit a real value here.
|
# clones prod's admin password into the sandbox, so .env.sandbox's
|
||||||
|
# DOLI_ADMIN_PASSWORD must be PROD's admin password (-n erp), not the sandbox
|
||||||
|
# secretkv. The DB password is the sandbox's own (-n erp-sandbox).
|
||||||
|
|
||||||
|
# Optional: fix the provisioned user's password (else one is generated and only
|
||||||
|
# the API key is emitted to .ai_agent_sandbox.key).
|
||||||
# AI_AGENT_SANDBOX_PASSWORD=""
|
# AI_AGENT_SANDBOX_PASSWORD=""
|
||||||
|
|||||||
7
test/.gitignore
vendored
7
test/.gitignore
vendored
@@ -1,5 +1,6 @@
|
|||||||
# Secrets — never commit. The root .gitignore already covers .env and *.key;
|
# Secrets — never commit. Covers .env (prod, main.ts) and .env.sandbox
|
||||||
# this is defense-in-depth for the provisioning POC.
|
# (sandbox, provisionSandbox.ts), plus any generated *.key.
|
||||||
.env
|
.env*
|
||||||
|
!.env.example
|
||||||
.ai_agent_sandbox.key
|
.ai_agent_sandbox.key
|
||||||
*.key
|
*.key
|
||||||
|
|||||||
@@ -1,4 +1,6 @@
|
|||||||
import "load_dotenv";
|
import { loadSync } from "jsr:@std/dotenv";
|
||||||
|
// Sandbox provisioning loads its OWN .env.sandbox; prod config stays in .env (main.ts).
|
||||||
|
loadSync({ envPath: ".env.sandbox", export: true });
|
||||||
import { chromium } from "playwright";
|
import { chromium } from "playwright";
|
||||||
import path from "node:path";
|
import path from "node:path";
|
||||||
import login from "./scripts/login.ts";
|
import login from "./scripts/login.ts";
|
||||||
|
|||||||
Reference in New Issue
Block a user