arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(test): split env config — .env (prod) vs .env.sandbox (sandbox) #17

Merged
arcodange merged 1 commits from claude/test-env-sandbox-split into main 2026-06-29 11:26:47 +02:00
Conversation 0 Commits 1 Files Changed 3 +27 -16
3 changed files with 27 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit e4a7f99333 - Show all commits

32
test/.env.example
View File

@@ -1,19 +1,27 @@
# --- Production / default target (main.ts) ---
# Copy this template to one of:
# .env — production target, loaded by main.ts
# .env.sandbox — sandbox target, loaded by provisionSandbox.ts
# Both are gitignored. Never commit real secret values.
# --- Target ---
# prod: https://erp.arcodange.lab (.env)
# sandbox: https://erp-sandbox.arcodange.lab (.env.sandbox)
DOLIBARR_ADDRESS=https://erp.arcodange.lab
DOLI_DB_PASSWORD=
DOLI_ADMIN_LOGIN=admin
DOLI_ADMIN_PASSWORD=""
DOLI_DB_PASSWORD=""
ROOT_FOLDER=$HOME/erp
# --- Sandbox provisioning (provisionSandbox.ts) ---
# Point at the sandbox and reuse the DOLI_ADMIN_* vars above for the admin login.
# Populate from the erp-sandbox namespace secrets (see "Provision the sandbox" in
# README.md):
# DOLI_ADMIN_PASSWORD <- secret `secretkv` (-n erp-sandbox)
# DOLI_DB_PASSWORD <- secret `vso-db-credentials` (-n erp-sandbox)
# Override DOLIBARR_ADDRESS to the sandbox when running provisionSandbox.ts:
# DOLIBARR_ADDRESS=https://erp-sandbox.arcodange.lab
# Populate the passwords from the cluster secrets, e.g. (prod shown):
# DOLI_ADMIN_PASSWORD <- kubectl get secret secretkv -n erp -o jsonpath='{.data.DOLI_ADMIN_PASSWORD}' | base64 -d
# DOLI_DB_PASSWORD <- kubectl get secret vso-db-credentials -n erp -o jsonpath='{.data.password}' | base64 -d
#
# Optional: fix the new user's password (otherwise one is generated and only the
# API key is emitted). Never commit a real value here.
# NOTE for a sandbox SEEDED from prod (ops/sandbox/sandbox-lifecycle.sh): the seed
# clones prod's admin password into the sandbox, so .env.sandbox's
# DOLI_ADMIN_PASSWORD must be PROD's admin password (-n erp), not the sandbox
# secretkv. The DB password is the sandbox's own (-n erp-sandbox).
# Optional: fix the provisioned user's password (else one is generated and only
# the API key is emitted to .ai_agent_sandbox.key).
# AI_AGENT_SANDBOX_PASSWORD=""

7
test/.gitignore vendored
View File

@@ -1,5 +1,6 @@
# Secrets — never commit. The root .gitignore already covers .env and *.key;
# this is defense-in-depth for the provisioning POC.
.env
# Secrets — never commit. Covers .env (prod, main.ts) and .env.sandbox
# (sandbox, provisionSandbox.ts), plus any generated *.key.
.env*
!.env.example
.ai_agent_sandbox.key
*.key

4
test/provisionSandbox.ts
View File

@@ -1,4 +1,6 @@
import "load_dotenv";
import { loadSync } from "jsr:@std/dotenv";
// Sandbox provisioning loads its OWN .env.sandbox; prod config stays in .env (main.ts).
loadSync({ envPath: ".env.sandbox", export: true });
import { chromium } from "playwright";
import path from "node:path";
import login from "./scripts/login.ts";