Added support for Docker secrets in Standard and alpine image.

[r-xyz]

Description

#9313 #9331 added a new alpine-FPM image which also adds Docker secrets support. Docker secrets support was never backported to existing Standard and alpine Docker images.
This creates inconsistency.

Note: Additional, inconsistency in startup naming and location (/startup.sh, /entrypoint.sh, /usr/local/bin/docker-snipeit-entrypoint) between versions shall be addressed in another PR/commit. Startup script was renamed in #6606, but only for Standard image.

Fixes #10197

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

• Reproduce the issue:
  • Create a test folder and create secrets file under secret folder
  • Clone this branch inside test folder
  • Create a base compose file:

services:
  snipeit:
    container_name: snipeit
    image: snipe/snipe-it:v7.0.10
#    image: snipe/snipe-it:v7.0.10-alpine
    depends_on:
      snipeit-mysql:
        condition: service_healthy
        restart: true
    #volumes:
    # Mounting the new file for standard image
    #  - "./snipe-it/docker/startup.sh:/startup.sh"
    # Mounting the new file for alpine image
    #  - "./snipe-it/docker/entrypoint_alpine.sh:/entrypoint.sh"

    environment:
      - APP_KEY_FILE=/run/secrets/SNIPEIT_APP_KEY
      - DB_HOST=snipeit-mysql
      - DB_DATABASE_FILE=/run/secrets/SNIPEIT_DB_NAME
      - DB_USERNAME_FILE=/run/secrets/SNIPEIT_DB_USER
      - DB_PASSWORD_FILE=/run/secrets/SNIPEIT_DB_PASSWORD
    secrets:
      - SNIPEIT_APP_KEY
      - SNIPEIT_DB_NAME
      - SNIPEIT_DB_USER
      - SNIPEIT_DB_PASSWORD
    dns:
      - "127.0.0.11"
      - "8.8.8.8"
  snipeit-mysql:
    container_name: snipeit-mysql
    image: mariadb:11
    environment:
      - MYSQL_DATABASE_FILE=/run/secrets/SNIPEIT_DB_NAME
      - MYSQL_USER_FILE=/run/secrets/SNIPEIT_DB_USER
      - MYSQL_PASSWORD_FILE=/run/secrets/SNIPEIT_DB_PASSWORD
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/SNIPEIT_DB_ROOT_PASSWORD
      - MARIADB_ROOT_PASSWORD_FILE=/run/secrets/SNIPEIT_DB_ROOT_PASSWORD
      - MARIADB_AUTO_UPGRADE=1
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      start_period: 10s
      interval: 10s
      timeout: 5s
      retries: 3
    secrets:
      - SNIPEIT_DB_NAME
      - SNIPEIT_DB_USER
      - SNIPEIT_DB_PASSWORD
      - SNIPEIT_DB_ROOT_PASSWORD
    restart: always
secrets:
  SNIPEIT_APP_KEY:
    file: './secrets/SNIPEIT_APP_KEY.txt'
  SNIPEIT_DB_NAME:
    file: './secrets/SNIPEIT_DB_NAME.txt'
  SNIPEIT_DB_USER:
    file: './secrets/SNIPEIT_DB_USER.txt'
  SNIPEIT_DB_PASSWORD:
    file: './secrets/SNIPEIT_DB_PASSWORD.txt'
  SNIPEIT_DB_ROOT_PASSWORD:
    file: './secrets/SNIPEIT_DB_ROOT_PASSWORD.txt'

• docker compose up --> APP_KEY not defined

• Repeat changing the alpine image

• Test the new version

  • Uncomment the relevant volumes lines for each image version in compose.yaml
  • Re-run the tests, and it will work.

Test Configuration:

• PHP version: Docker image
• MySQL version 11
• Webserver version Docker Image
• OS version Docker images

Checklist:

• I have read the Contributing documentation available here: https://snipe-it.readme.io/docs/contributing-overview
• I have formatted this PR according to the project guidelines: https://snipe-it.readme.io/docs/contributing-overview#pull-request-guidelines
• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[what-the-diff]

PR Summary

• Docker Secrets
  This PR adds features to incorporate Docker secrets which provide a secure way to store sensitive data. This has been implemented in the scripts named 'docker/entrypoint_alpine.sh' and 'docker/startup.sh'.

• Variable Reading Function
  A function 'file_env' has been defined which permits reading of variables directly from predefined files, facilitating easier management of multiple variables.

• Expanded Variable Compatibility
  An improvement has been made to support reading of values from either environment variables or files for a wider array of variables which includes: APP_KEY, DB_HOST, DB_PORT, DB_DATABASE, DB_USERNAME, DB_PASSWORD, etc. which span across application keys, database details, Redis configuration, and mailing setup.

• App Key Check
  To ensure the safe and correct functioning of the system, a check was included that verifies if the APP_KEY variable is set correctly. If it is not, an error message will be displayed to prompt the user for remedial action.

[snipe]

Thanks for this!

[snipe]

Can you retarget to develop though, per the dev documentation?

[r-xyz]

Thanks for pointing it out, I missed it. Just rebased, also took the chance to update it.