From a1130e33d7e28b3c7c31ab6fb20b286cd3ce43ba Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 3 Sep 2025 16:34:04 +0200 Subject: [PATCH] web-app-chess: refactor runtime & entrypoint - Move entrypoint to files/ and deploy via copy - Parameterize APP_KEY_FILE, data dir, and entrypoint paths - Require explicit PORT/PG envs (remove fallbacks) - Drop stray header from config/main.yml - Dockerfile: use templated data dir & entrypoint; keep node user - Compose: set custom image, adjust volume mapping - env: derive APP_SCHEME from WEB_PROTOCOL; NODE_ENV from ENVIRONMENT - tasks: add 01_core and simplify main to include it Ref: https://chatgpt.com/share/68b851c5-4dd8-800f-8e9e-22b985597b8f --- roles/web-app-chess/config/main.yml | 1 - .../{templates => files}/docker-entrypoint.sh | 8 ++++---- roles/web-app-chess/tasks/01_core.yml | 10 ++++++++++ roles/web-app-chess/tasks/02_assets.yml | 10 ---------- roles/web-app-chess/tasks/main.yml | 9 ++------- roles/web-app-chess/templates/Dockerfile.j2 | 12 +++++------- .../web-app-chess/templates/docker-compose.yml.j2 | 6 ++---- roles/web-app-chess/templates/env.j2 | 6 +++--- roles/web-app-chess/vars/main.yml | 14 ++++++++++++-- 9 files changed, 38 insertions(+), 38 deletions(-) rename roles/web-app-chess/{templates => files}/docker-entrypoint.sh (63%) create mode 100644 roles/web-app-chess/tasks/01_core.yml delete mode 100644 roles/web-app-chess/tasks/02_assets.yml diff --git a/roles/web-app-chess/config/main.yml b/roles/web-app-chess/config/main.yml index 5ce30b24..69045483 100644 --- a/roles/web-app-chess/config/main.yml +++ b/roles/web-app-chess/config/main.yml @@ -1,4 +1,3 @@ -# roles/web-app-chess/config/main.yml credentials: {} docker: services: 
diff --git a/roles/web-app-chess/templates/docker-entrypoint.sh b/roles/web-app-chess/files/docker-entrypoint.sh similarity index 63% rename from roles/web-app-chess/templates/docker-entrypoint.sh rename to roles/web-app-chess/files/docker-entrypoint.sh index ab89f119..83990ad1 100644 --- a/roles/web-app-chess/templates/docker-entrypoint.sh +++ b/roles/web-app-chess/files/docker-entrypoint.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -euo pipefail -APP_KEY_FILE="${APP_KEY_FILE:-/app/data/{{ CHESS_KEY_FILENAME }}}" +APP_KEY_FILE="${APP_KEY_FILE}" APP_KEY_PUB="${APP_KEY_FILE}.pub" # 1) Generate signing key pair if missing @@ -12,8 +12,8 @@ fi # 2) Wait for PostgreSQL if env is provided if [[ -n "${PGHOST:-}" ]]; then - echo "[chess] waiting for PostgreSQL at ${PGHOST}:${PGPORT:-5432}..." - until pg_isready -h "${PGHOST}" -p "${PGPORT:-5432}" -U "${PGUSER:-postgres}" >/dev/null 2>&1; do + echo "[chess] waiting for PostgreSQL at ${PGHOST}:${PGPORT}..." + until pg_isready -h "${PGHOST}" -p "${PGPORT}" -U "${PGUSER}" >/dev/null 2>&1; do sleep 1 done fi @@ -23,5 +23,5 @@ echo "[chess] running migrations" yarn migrate up # 4) Start app -echo "[chess] starting server on port ${PORT:-5080}" +echo "[chess] starting server on port ${PORT}" exec yarn start diff --git a/roles/web-app-chess/tasks/01_core.yml b/roles/web-app-chess/tasks/01_core.yml new file mode 100644 index 00000000..c6ed3607 --- /dev/null +++ b/roles/web-app-chess/tasks/01_core.yml @@ -0,0 +1,10 @@ +- name: "load docker, db and proxy for {{ application_id }}" + include_role: + name: sys-stk-full-stateful + +- name: "Deploy '{{ CHESS_ENTRYPOINT_ABS }}'" + copy: + src: "{{ CHESS_ENTRYPOINT_FILE }}" + dest: "{{ CHESS_ENTRYPOINT_ABS }}" + +- include_tasks: utils/run_once.yml diff --git a/roles/web-app-chess/tasks/02_assets.yml b/roles/web-app-chess/tasks/02_assets.yml deleted file mode 100644 index 986a0c05..00000000 --- a/roles/web-app-chess/tasks/02_assets.yml +++ /dev/null 
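Review bot: `APP_KEY_FILE="${APP_KEY_FILE}"` in the first hunk is a self-assignment that validates nothing. `set -u` aborts on an unset variable with only a generic "unbound variable" message, and an empty value passes, leaving `APP_KEY_PUB` as `.pub` for the key-generation step under `# 1)`, whose body is outside the hunk. The same holds for `${PGPORT}`/`${PGUSER}` in the second hunk and `${PORT}` in the third; the wait loop also discards `pg_isready` output and has no upper bound, so a bad value there can show up only as a hang. Since the commit makes these variables mandatory, assert that at the top of the script with `: "${APP_KEY_FILE:?APP_KEY_FILE must be set}"` and `: "${PORT:?PORT must be set}"`. Inside the `PGHOST` branch, add `: "${PGPORT:?PGPORT must be set}" "${PGUSER:?PGUSER must be set}"`.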
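Review bot: The `copy` task in the new 01_core.yml deploys the entrypoint without `mode`, `owner` or `group`, so the permissions of a script that becomes the container's start command are left to the remote umask. Add `mode: "0755"` to the task, and an explicit owner if the instance directory is shared with other users. The Dockerfile runs `chmod +x` on the copy inside the image, so this is about who may modify the file in the build context rather than about the execute bit. The task also has no `notify`, so whether a changed entrypoint leads to an image rebuild depends on handlers that are not visible here.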
@@ -1,10 +0,0 @@ -- block: - - name: "load docker, db and proxy for {{ application_id }}" - include_role: - name: sys-stk-full-stateful - - - name: "Place entrypoint and other assets" - include_tasks: 02_assets.yml - - - include_tasks: utils/run_once.yml - when: run_once_web_app_chess is not defined \ No newline at end of file diff --git a/roles/web-app-chess/tasks/main.yml b/roles/web-app-chess/tasks/main.yml index 34513c37..46b4944e 100644 --- a/roles/web-app-chess/tasks/main.yml +++ b/roles/web-app-chess/tasks/main.yml @@ -1,8 +1,3 @@ ---- -- block: - - name: "load docker, db and proxy for {{ application_id }}" - include_role: - name: sys-stk-full-stateful - - - include_tasks: utils/run_once.yml +- name: "Include core routines for '{{ application_id }}'" + include_tasks: "01_core.yml" when: run_once_web_app_chess is not defined \ No newline at end of file diff --git a/roles/web-app-chess/templates/Dockerfile.j2 b/roles/web-app-chess/templates/Dockerfile.j2 index 5dff1966..4c821243 100644 --- a/roles/web-app-chess/templates/Dockerfile.j2 +++ b/roles/web-app-chess/templates/Dockerfile.j2 @@ -21,8 +21,6 @@ RUN yarn install --frozen-lockfile && yarn build # Stage 2: runtime FROM node:{{ CHESS_VERSION }} -ENV NODE_ENV=production -ENV PORT={{ container_port }} WORKDIR /app # Minimal runtime packages + dumb-init 
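Review bot: Removing `ENV NODE_ENV=production` from the runtime stage leaves the image without a production default. The docker-compose.yml.j2 hunk also drops `NODE_ENV=production` and env.j2 now renders `NODE_ENV="{{ ENVIRONMENT }}"`, so the runtime mode rests on that single inventory variable. If `ENVIRONMENT` holds anything other than the literal `production`, the app starts in whatever non-production mode it and its dependencies implement, which in Node stacks commonly means more verbose error output. Keeping `ENV NODE_ENV=production` in the Dockerfile as a default that the env file can override would make the hardened mode the fallback. The same reasoning applies to the removed `ENV PORT={{ container_port }}` now that the entrypoint requires `PORT`; the runtime stage continues outside this hunk.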
@@ -34,14 +32,14 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ COPY --from=build /src /app # Create data dir for signing keys & cache -RUN mkdir -p /app/data && chown -R node:node /app -VOLUME ["/app/data"] +RUN mkdir -p {{ CHESS_APP_DATA_DIR }} && chown -R node:node /app +VOLUME ["{{ CHESS_APP_DATA_DIR }}"] # Entrypoint script -COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh -RUN chmod +x /usr/local/bin/docker-entrypoint.sh +COPY {{ CHESS_ENTRYPOINT_REL }} {{ CHESS_ENTRYPOINT_INT }} +RUN chmod +x {{ CHESS_ENTRYPOINT_INT }} USER node EXPOSE {{ container_port }} ENTRYPOINT ["dumb-init", "--"] -CMD ["docker-entrypoint.sh"] +CMD ["{{ CHESS_ENTRYPOINT_INT }}"] diff --git a/roles/web-app-chess/templates/docker-compose.yml.j2 b/roles/web-app-chess/templates/docker-compose.yml.j2 index bff1a0b8..787f23df 100644 --- a/roles/web-app-chess/templates/docker-compose.yml.j2 +++ b/roles/web-app-chess/templates/docker-compose.yml.j2 @@ -6,15 +6,13 @@ args: CHESS_REPO_URL: "{{ CHESS_REPO_URL }}" CHESS_REPO_REF: "{{ CHESS_REPO_REF }}" - image: "castling_custom" + image: "{{ CHESS_CUSTOM_IMAGE }}" container_name: "{{ CHESS_CONTAINER }}" hostname: "{{ CHESS_HOSTNAME }}" - environment: - - NODE_ENV=production ports: - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}" volumes: - - 'data:/app/data' + - 'data:{{ CHESS_APP_DATA_DIR }}' env_file: - .env {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %} diff --git a/roles/web-app-chess/templates/env.j2 b/roles/web-app-chess/templates/env.j2 index 4cc0ba88..cb74188e 100644 --- a/roles/web-app-chess/templates/env.j2 +++ b/roles/web-app-chess/templates/env.j2 
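Review bot: `RUN mkdir -p {{ CHESS_APP_DATA_DIR }} && chown -R node:node /app` parameterizes the directory but still hard-codes the ownership change to `/app`. The image therefore only works while the data dir stays under `/app`; any other value yields a root-owned directory that `USER node` cannot write the signing keys into. Chown the templated path instead: `RUN mkdir -p {{ CHESS_APP_DATA_DIR }} && chown -R node:node {{ CHESS_APP_DATA_DIR }}`. Limiting the chown to the data dir would also keep the application code under `/app` read-only for the runtime user, provided neither the migrations nor `yarn start` need to write there, which should be confirmed. With BuildKit, `COPY --chmod=0755 {{ CHESS_ENTRYPOINT_REL }} {{ CHESS_ENTRYPOINT_INT }}` would replace the separate `chmod` layer.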
@@ -1,11 +1,11 @@ # App basics -APP_SCHEME="{{ 'https' if WEB_PROTOCOL == 'https' else 'http' }}" +APP_SCHEME="{{ WEB_PROTOCOL }}" APP_DOMAIN="{{ CHESS_HOSTNAME }}" APP_ADMIN_URL="{{ CHESS_ADMIN_URL }}" APP_ADMIN_EMAIL="{{ CHESS_ADMIN_EMAIL }}" -APP_KEY_FILE="/app/data/{{ CHESS_KEY_FILENAME }}" +APP_KEY_FILE="{{ CHESS_APP_KEY_FILE }}" APP_HMAC_SECRET="{{ CHESS_HMAC_SECRET }}" -NODE_ENV="production" +NODE_ENV="{{ ENVIRONMENT }}" PORT="{{ container_port }}" # PostgreSQL (libpq envs) diff --git a/roles/web-app-chess/vars/main.yml b/roles/web-app-chess/vars/main.yml index e7ffcba1..b3b20e6b 100644 --- a/roles/web-app-chess/vars/main.yml +++ b/roles/web-app-chess/vars/main.yml @@ -1,17 +1,20 @@ # General application_id: "web-app-chess" database_type: "postgres" + +# Container container_port: 5080 container_hostname: "{{ domains | get_domain(application_id) }}" # App URLs & meta -#CHESS_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" +# CHESS_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" CHESS_HOSTNAME: "{{ container_hostname }}" CHESS_ADMIN_URL: "" -CHESS_ADMIN_EMAIL: "" +CHESS_ADMIN_EMAIL: "{{ users.users.administrator.email }}" # Docker image #CHESS_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}" +CHESS_CUSTOM_IMAGE: "castling_custom" CHESS_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}" CHESS_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}" CHESS_DATA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" 
@@ -23,3 +26,10 @@ CHESS_REPO_REF: "{{ applications | get_app_conf(application_id,
 # Security
 CHESS_HMAC_SECRET: "{{ lookup('password', '/dev/null length=63 chars=ascii_letters,digits') }}"
 CHESS_KEY_FILENAME: "signing-key"
+CHESS_APP_DATA_DIR: '/app/data'
+CHESS_APP_KEY_FILE: "{{ [ CHESS_APP_DATA_DIR, CHESS_KEY_FILENAME ] | path_join }}"
+
+CHESS_ENTRYPOINT_FILE: "docker-entrypoint.sh"
+CHESS_ENTRYPOINT_REL: "{{ CHESS_ENTRYPOINT_FILE }}"
+CHESS_ENTRYPOINT_ABS: "{{ [docker_compose.directories.instance, CHESS_ENTRYPOINT_REL] | path_join }}"
+CHESS_ENTRYPOINT_INT: "{{ ['/usr/local/bin', CHESS_ENTRYPOINT_FILE] | path_join }}"
\ No newline at end of file
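Review bot: The context line `CHESS_HMAC_SECRET: "{{ lookup('password', '/dev/null length=63 chars=ascii_letters,digits') }}"`, directly above the new path variables, never persists the secret. With `/dev/null` as the store, the lookup returns a fresh random value each time the variable is evaluated. Each play run would therefore render a different `APP_HMAC_SECRET` into the env file, and anything the app signed with the previous secret would stop verifying after a redeploy; this is inferred from the lookup's documented behaviour, as the consuming code is not shown. Read the secret from the role's credentials instead, e.g. `CHESS_HMAC_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.<hmac_secret_key_placeholder>') }}"`, so it is generated once and kept with the other inventory secrets.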