HangmanLab.Server.T0/git-kc/mysql/init/01-init-databases.sh

#!/usr/bin/env bash
# Draft target path on vps.git: ~/git-kc/mysql/init/01-init-databases.sh
# Runs inside the official MySQL container on first initialization only
# (i.e. only when /var/lib/mysql is empty).

set -Eeuo pipefail

required_vars=(
  MYSQL_ROOT_PASSWORD
  MYSQL_GITEA_DATABASE
  MYSQL_GITEA_USER
  MYSQL_GITEA_PASSWORD
  MYSQL_KEYCLOAK_DATABASE
  MYSQL_KEYCLOAK_USER
  MYSQL_KEYCLOAK_PASSWORD
)

for var in "${required_vars[@]}"; do
  if [[ -z "${!var:-}" ]]; then
    echo "[ERROR] Required environment variable is missing: $var" >&2
    exit 1
  fi
done

sql_escape() {
  printf '%s' "$1" | sed "s/'/''/g"
}

MYSQL_ROOT_PASSWORD_SQL=$(sql_escape "${MYSQL_ROOT_PASSWORD}")
MYSQL_GITEA_PASSWORD_SQL=$(sql_escape "${MYSQL_GITEA_PASSWORD}")
MYSQL_KEYCLOAK_PASSWORD_SQL=$(sql_escape "${MYSQL_KEYCLOAK_PASSWORD}")

cat <<EOF
[INFO] Initializing MySQL logical layout...
[INFO] Gitea DB:      ${MYSQL_GITEA_DATABASE}
[INFO] Keycloak DB:   ${MYSQL_KEYCLOAK_DATABASE}
[INFO] Gitea user:    ${MYSQL_GITEA_USER}@'%'
[INFO] Keycloak user: ${MYSQL_KEYCLOAK_USER}@'%'
EOF

mysql --protocol=socket -uroot -p"${MYSQL_ROOT_PASSWORD}" <<SQL
CREATE DATABASE IF NOT EXISTS \`${MYSQL_GITEA_DATABASE}\`
  CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci;

CREATE DATABASE IF NOT EXISTS \`${MYSQL_KEYCLOAK_DATABASE}\`
  CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci;

CREATE USER IF NOT EXISTS '${MYSQL_GITEA_USER}'@'%' IDENTIFIED BY '${MYSQL_GITEA_PASSWORD_SQL}';
ALTER USER '${MYSQL_GITEA_USER}'@'%' IDENTIFIED BY '${MYSQL_GITEA_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON \`${MYSQL_GITEA_DATABASE}\`.* TO '${MYSQL_GITEA_USER}'@'%';

CREATE USER IF NOT EXISTS '${MYSQL_KEYCLOAK_USER}'@'%' IDENTIFIED BY '${MYSQL_KEYCLOAK_PASSWORD_SQL}';
ALTER USER '${MYSQL_KEYCLOAK_USER}'@'%' IDENTIFIED BY '${MYSQL_KEYCLOAK_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON \`${MYSQL_KEYCLOAK_DATABASE}\`.* TO '${MYSQL_KEYCLOAK_USER}'@'%';

FLUSH PRIVILEGES;
SQL

echo "[INFO] MySQL logical layout initialized successfully."