studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

scripts: replace local-up.sh with idempotent Python lifecycle script

Browse Source 
local-up.py is a stdlib-only Python rewrite of local-up.sh +
local-seed-secrets.sh. Key improvements:

- Correctly parses limactl list --json NDJSON output (json.load()
  choked on NDJSON, causing spurious VM creation attempts)
- Handles all Lima VM states: none, Running, Stopped, Broken, etc.
- Inlines seed secrets (no separate local-seed-secrets.sh subprocess)
- Partial runs: --seed, --apply, --restart flags
- Consistent idempotency: every step checks state before acting
- Adds people-backend/celery to restart list; find to PG users list

local-up.sh patched: yq in prereqs, NDJSON-safe VM detection,
--server-side for Linkerd apply, people in restart list, Mail URL.
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-01 18:22:54 +00:00
parent 5e36322a3b
commit 5c119e2b26
3 changed files with 576 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
scripts/local-seed-secrets.sh
View File

@@ -58,7 +58,7 @@ done
echo "==> Setting postgres user passwords..."
PG_POD=$(kubectl $CTX -n data get pods -l cnpg.io/cluster=postgres,role=primary -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || echo "")
if [[ -n "$PG_POD" ]]; then
for user in kratos hydra gitea hive docs meet drive messages conversations people; do
for user in kratos hydra gitea hive docs meet drive messages conversations people find; do
kubectl $CTX -n data exec "$PG_POD" -c postgres -- \
psql -U postgres -c "ALTER USER $user WITH PASSWORD '$DB_PASSWORD';" 2>/dev/null || true
done
@@ -113,6 +113,13 @@ create_secret lasuite hive-oidc \
--from-literal=client-id="hive-local" \
--from-literal=client-secret="hive-local-secret"
# People (desk)
create_secret lasuite people-db-credentials \
--from-literal=password="$DB_PASSWORD"
create_secret lasuite people-django-secret \
--from-literal=DJANGO_SECRET_KEY="local-dev-people-django-secret-key-not-for-production"
# Media namespace
ensure_ns media
@@ -173,6 +180,7 @@ else
bao kv put secret/gitea db-password='$DB_PASSWORD' s3-access-key='$S3_ACCESS_KEY' s3-secret-key='$S3_SECRET_KEY'
bao kv put secret/seaweedfs access-key='$S3_ACCESS_KEY' secret-key='$S3_SECRET_KEY'
bao kv put secret/hive db-url='postgresql://hive:${DB_PASSWORD}@postgres-rw.data.svc.cluster.local:5432/hive_db' oidc-client-id='hive-local' oidc-client-secret='hive-local-secret'
bao kv put secret/people db-password='$DB_PASSWORD' django-secret-key='local-dev-people-django-secret-key-not-for-production'
bao kv put secret/livekit api-key='$LIVEKIT_API_KEY' api-secret='$LIVEKIT_API_SECRET'
" 2>/dev/null
echo " Done."