AWS `DB_PASSWORD` environment variable

aws-script.sh

#!/usr/bin/env bash
set -e
# Check that the environment variable has been set correctly
if [ -z "$SECRETS_BUCKET_NAME" ]; then
  echo >&2 'error: missing SECRETS_BUCKET_NAME environment variable'
  exit 1
fi

# Load the S3 secrets file contents into the environment variables
echo "Getting 'DB_PASSWORD' value from the AWS secret store..."
DB_PASSWORD=$(aws s3 cp s3://${SECRETS_BUCKET_NAME}/db_password.txt -)

# Save the DB_PASSWORD to root bashrc file
echo "export DB_PASSWORD=$DB_PASSWORD" >> /root/.bashrc

# Source the bashrc so that the DB_PASSWORD is available in the current and all child processes
source /root/.bashrc
echo "'DB_PASSWORD' bash environment variable set"
# The above method sets DB_PASSWORD environment variable for bash.
#
# This means, when you `bash` into the container using the following command:
# `docker exec -it container_web_1 bash`
# And do `printenv`. You will be able to see `DB_PASSWORD` environment variable.
#
# However, running any commands/scripts from outside the container doesn't
# seem to see this `DB_PASSWORD` env variable. For e.g. run:
# `docker exec -it container_web_1 printenv`
# The output of the above command doesn't print `DB_PASSWORD`.
#
# For this reason, any `drush` command fails from outside the container. E.g.
# `docker exec -it container_web_1 drush cr`
# The above command will fail.
#
# Therefore, all `drush` commands needs to run from
# within the container itself.

# Continue executing entry point stuff..
exec "$@"

Dockerfile

FROM php:7.0-fpm

# Install the PHP extensions we need for Drupal
RUN apt-get update && apt-get install -y \
    libpng12-dev \
    libjpeg-dev \
    libpq-dev \
    postgresql-client \
	&& rm -rf /var/lib/apt/lists/* \
	&& docker-php-ext-configure gd --with-png-dir=/usr --with-jpeg-dir=/usr \
	&& docker-php-ext-install \
	    gd \
	    mbstring \
	    opcache \
	    pdo \
	    pdo_pgsql \
	    zip \
    && rm -rf /var/lib/apt/lists/*

# Install Nginx and Supervisor
RUN apt-get update && apt-get install -y \
    nginx \
    supervisor \
    && rm -rf /var/lib/apt/lists/*

# Install AWS CLI tool and dependencies
RUN apt-get update && apt-get -y install python curl unzip \
    && cd /tmp \
    && curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" \
    && unzip awscli-bundle.zip \
    && ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws \
    && rm awscli-bundle.zip && rm -rf awscli-bundle \
    && rm -rf /var/lib/apt/lists/*

# Copy AWS entrypoint script to the container
COPY ./docker/scripts/aws-script.sh /aws-script.sh

# Make the script executable
RUN chmod +x /aws-script.sh

# Copy Supervisor config
COPY docker/supervisor/supervisor.conf /etc/supervisord.conf

# Copy Nginx config
COPY docker/nginx/site.conf /etc/nginx/sites-available/default

# Copy src code to the container
COPY . /var/www/app

# Add composer bin to the PATH variable (for drush cli)
ENV PATH $PATH:/var/www/app/vendor/bin

# Copy entrypoint script to the container. This is only required for the QA and
# Prod enviornment. Not for the developement enviornment. Hence,
# 'docker-compose-qa.yml' has an entrypoint argument.

COPY docker/scripts/web-entrypoint.sh /docker-entrypoint.sh
RUN chmod +x /docker-entrypoint.sh

# Change working directory to the app's web directory
WORKDIR /var/www/app/web

# Start supervisord and services
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]

web-entrypoint.sh

#!/usr/bin/env bash
set -e

# Import config import
echo "Performing Drush 'config-import'..."

# Clear cache first
drush cr

drush config-import -y

# Clear cache again
drush cr

echo "Drush 'config-import' complete"

echo "Starting supervisord..."
exec "$@"