XuqmGroup-PrivateDeploy/scripts/lib.sh

#!/usr/bin/env bash
set -euo pipefail

ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
AUDIT_LOG="$ROOT_DIR/logs/audit.log"
PROGRESS_FILE="$ROOT_DIR/.deploy-state/progress.md"

now() {
  date +"%Y-%m-%dT%H:%M:%S%z"
}

audit() {
  local action="$1"
  local status="$2"
  local message="${3:-}"
  mkdir -p "$(dirname "$AUDIT_LOG")"
  printf '{"time":"%s","action":"%s","status":"%s","message":"%s"}\n' \
    "$(now)" "$action" "$status" "$message" >> "$AUDIT_LOG"
}

progress() {
  local step="$1"
  local status="$2"
  local notes="${3:-}"
  mkdir -p "$(dirname "$PROGRESS_FILE")"
  if [ ! -f "$PROGRESS_FILE" ]; then
    printf '# Deployment Progress\n\n| Time | Step | Status | Notes |\n|------|------|--------|-------|\n' > "$PROGRESS_FILE"
  fi
  printf '| %s | %s | %s | %s |\n' "$(now)" "$step" "$status" "$notes" >> "$PROGRESS_FILE"
}

fail_json() {
  local code="$1"
  local message="$2"
  local step="${3:-unknown}"
  printf '{"code":"%s","message":"%s","step":"%s","recoverable":true}\n' "$code" "$message" "$step" >&2
  audit "$step" "FAILED" "$message"
  progress "$step" "FAILED" "$message"
  exit 1
}

load_env() {
  set -a
  [ -f "$ROOT_DIR/.env" ] && . "$ROOT_DIR/.env"
  [ -f "$ROOT_DIR/config/infra.env" ] && . "$ROOT_DIR/config/infra.env"
  [ -f "$ROOT_DIR/config/xuqm.env" ] && . "$ROOT_DIR/config/xuqm.env"
  [ -f "$ROOT_DIR/config/secrets.env" ] && . "$ROOT_DIR/config/secrets.env"
  set +a
}

require_cmd() {
  command -v "$1" >/dev/null 2>&1 || fail_json "XUQM_PRIVATE_4001" "missing required command: $1" "preflight"
}

random_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 32 | tr -d '\n'
  else
    printf '%s_%s' "$(date +%s)" "$RANDOM"
  fi
}

ensure_secret_file() {
  if [ ! -f "$ROOT_DIR/config/secrets.env" ]; then
    cp "$ROOT_DIR/config/secrets.env.example" "$ROOT_DIR/config/secrets.env"
    chmod 600 "$ROOT_DIR/config/secrets.env" || true
  fi
}

set_env_value() {
  local file="$1"
  local key="$2"
  local value="$3"
  mkdir -p "$(dirname "$file")"
  touch "$file"
  if grep -q "^${key}=" "$file"; then
    sed -i.bak "s|^${key}=.*|${key}=${value}|" "$file"
    rm -f "${file}.bak"
  else
    printf '%s=%s\n' "$key" "$value" >> "$file"
  fi
}

ensure_env_value() {
  local file="$1"
  local key="$2"
  local current="${3:-}"
  local generated="$4"
  if [ -z "$current" ] || [ "$current" = "change-me" ]; then
    set_env_value "$file" "$key" "$generated"
    printf '%s' "$generated"
  else
    printf '%s' "$current"
  fi
}

profile_contains() {
  local profiles="$1"
  local target="$2"
  case ",${profiles}," in
    *,"${target}",*) return 0 ;;
    *) return 1 ;;
  esac
}

add_profile() {
  local profiles="${1:-base}"
  local target="$2"
  if profile_contains "$profiles" "$target"; then
    printf '%s' "$profiles"
  else
    printf '%s,%s' "$profiles" "$target"
  fi
}

remove_profile() {
  local profiles="$1"
  local target="$2"
  local result=""
  local item
  IFS=',' read -r -a items <<< "$profiles"
  for item in "${items[@]}"; do
    [ "$item" = "$target" ] && continue
    [ -z "$item" ] && continue
    if [ -z "$result" ]; then
      result="$item"
    else
      result="$result,$item"
    fi
  done
  printf '%s' "${result:-base}"
}

compose() {
  docker compose --env-file "$ROOT_DIR/.env" -f "$ROOT_DIR/docker-compose.yml" -f "$ROOT_DIR/docker-compose.infra.yml" "$@"
}
chore: scaffold private deployment repository 2026-05-18 19:49:31 +08:00			`#!/usr/bin/env bash`
			`set -euo pipefail`

			`ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"`
			`AUDIT_LOG="$ROOT_DIR/logs/audit.log"`
			`PROGRESS_FILE="$ROOT_DIR/.deploy-state/progress.md"`

			`now() {`
			`date +"%Y-%m-%dT%H:%M:%S%z"`
			`}`

			`audit() {`
			`local action="$1"`
			`local status="$2"`
			`local message="${3:-}"`
			`mkdir -p "$(dirname "$AUDIT_LOG")"`
			`printf '{"time":"%s","action":"%s","status":"%s","message":"%s"}\n' \`
			`"$(now)" "$action" "$status" "$message" >> "$AUDIT_LOG"`
			`}`

			`progress() {`
			`local step="$1"`
			`local status="$2"`
			`local notes="${3:-}"`
			`mkdir -p "$(dirname "$PROGRESS_FILE")"`
			`if [ ! -f "$PROGRESS_FILE" ]; then`
			`printf '# Deployment Progress\n\n\| Time \| Step \| Status \| Notes \|\n\|------\|------\|--------\|-------\|\n' > "$PROGRESS_FILE"`
			`fi`
			`printf '\| %s \| %s \| %s \| %s \|\n' "$(now)" "$step" "$status" "$notes" >> "$PROGRESS_FILE"`
			`}`

			`fail_json() {`
			`local code="$1"`
			`local message="$2"`
			`local step="${3:-unknown}"`
			`printf '{"code":"%s","message":"%s","step":"%s","recoverable":true}\n' "$code" "$message" "$step" >&2`
			`audit "$step" "FAILED" "$message"`
			`progress "$step" "FAILED" "$message"`
			`exit 1`
			`}`

			`load_env() {`
			`set -a`
			`[ -f "$ROOT_DIR/.env" ] && . "$ROOT_DIR/.env"`
			`[ -f "$ROOT_DIR/config/infra.env" ] && . "$ROOT_DIR/config/infra.env"`
			`[ -f "$ROOT_DIR/config/xuqm.env" ] && . "$ROOT_DIR/config/xuqm.env"`
			`[ -f "$ROOT_DIR/config/secrets.env" ] && . "$ROOT_DIR/config/secrets.env"`
			`set +a`
			`}`

			`require_cmd() {`
			`command -v "$1" >/dev/null 2>&1 \|\| fail_json "XUQM_PRIVATE_4001" "missing required command: $1" "preflight"`
			`}`

			`random_secret() {`
			`if command -v openssl >/dev/null 2>&1; then`
			`openssl rand -base64 32 \| tr -d '\n'`
			`else`
			`printf '%s_%s' "$(date +%s)" "$RANDOM"`
			`fi`
			`}`

			`ensure_secret_file() {`
			`if [ ! -f "$ROOT_DIR/config/secrets.env" ]; then`
			`cp "$ROOT_DIR/config/secrets.env.example" "$ROOT_DIR/config/secrets.env"`
			`chmod 600 "$ROOT_DIR/config/secrets.env" \|\| true`
			`fi`
			`}`

			`set_env_value() {`
			`local file="$1"`
			`local key="$2"`
			`local value="$3"`
			`mkdir -p "$(dirname "$file")"`
			`touch "$file"`
			`if grep -q "^${key}=" "$file"; then`
			`sed -i.bak "s\|^${key}=.*\|${key}=${value}\|" "$file"`
			`rm -f "${file}.bak"`
			`else`
			`printf '%s=%s\n' "$key" "$value" >> "$file"`
			`fi`
			`}`

			`ensure_env_value() {`
			`local file="$1"`
			`local key="$2"`
			`local current="${3:-}"`
			`local generated="$4"`
			`if [ -z "$current" ] \|\| [ "$current" = "change-me" ]; then`
			`set_env_value "$file" "$key" "$generated"`
			`printf '%s' "$generated"`
			`else`
			`printf '%s' "$current"`
			`fi`
			`}`

			`profile_contains() {`
			`local profiles="$1"`
			`local target="$2"`
			`case ",${profiles}," in`
			`,"${target}",) return 0 ;;`
			`*) return 1 ;;`
			`esac`
			`}`

			`add_profile() {`
			`local profiles="${1:-base}"`
			`local target="$2"`
			`if profile_contains "$profiles" "$target"; then`
			`printf '%s' "$profiles"`
			`else`
			`printf '%s,%s' "$profiles" "$target"`
			`fi`
			`}`

			`remove_profile() {`
			`local profiles="$1"`
			`local target="$2"`
			`local result=""`
			`local item`
			`IFS=',' read -r -a items <<< "$profiles"`
			`for item in "${items[@]}"; do`
			`[ "$item" = "$target" ] && continue`
			`[ -z "$item" ] && continue`
			`if [ -z "$result" ]; then`
			`result="$item"`
			`else`
			`result="$result,$item"`
			`fi`
			`done`
			`printf '%s' "${result:-base}"`
			`}`

			`compose() {`
			`docker compose --env-file "$ROOT_DIR/.env" -f "$ROOT_DIR/docker-compose.yml" -f "$ROOT_DIR/docker-compose.infra.yml" "$@"`
			`}`