git.stella-ops.org/devops/scripts/init-config.sh


#!/usr/bin/env bash
#
# Initialize StellaOps configuration from sample files
#
# Usage:
# ./devops/scripts/init-config.sh [profile]
#
# Profiles:
# dev - Development environment (default)
# stage - Staging environment
# prod - Production environment
# airgap - Air-gapped deployment
#
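# Strict mode: stop on a failing command, an unset variable or a failed
# pipeline stage.
set -euo pipefail

# Locate this script's directory and, two levels above it, the repository root.
# Every path the script later creates or writes is derived from ROOT_DIR, so the
# lookup must not be steerable from the environment: CDPATH is cleared for the
# cd, because with CDPATH exported and the script started through a relative
# path, cd can resolve that path against a CDPATH entry and print the directory
# it picked, which would end up inside SCRIPT_DIR.
SCRIPT_DIR="$(CDPATH='' cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(CDPATH='' cd -- "${SCRIPT_DIR}/../.." && pwd)"
ETC_DIR="${ROOT_DIR}/etc"

# Deployment profile: first positional argument, "dev" when none is given.
PROFILE="${1:-dev}"

# Colors for output, kept as unexpanded backslash sequences; they are turned
# into escape characters only when a message is printed.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color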
# Print an informational message on stdout, prefixed with a blue [INFO] tag.
# %b expands backslash escapes the way `echo -e` does, so the colour variables
# are rendered; escapes inside the message text are expanded as well.
log_info() {
  printf '%b\n' "${BLUE}[INFO]${NC} $*"
}
# Print a success message on stdout, prefixed with a green [OK] tag.
# %b expands backslash escapes the way `echo -e` does, so the colour variables
# are rendered; escapes inside the message text are expanded as well.
log_ok() {
  printf '%b\n' "${GREEN}[OK]${NC} $*"
}
# Print a warning on stdout, prefixed with a yellow [WARN] tag.
# %b expands backslash escapes the way `echo -e` does, so the colour variables
# are rendered; escapes inside the message text are expanded as well.
log_warn() {
  printf '%b\n' "${YELLOW}[WARN]${NC} $*"
}
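# Print an error message, prefixed with a red [ERROR] tag.
# The message goes to stderr so that a failure stays visible, and separable from
# normal output, when stdout is redirected or captured.
# %b expands backslash escapes the way `echo -e` does, so the colour variables
# are rendered; escapes inside the message text are expanded as well.
log_error() {
  printf '%b\n' "${RED}[ERROR]${NC} $*" >&2
}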
# Validate profile against a fixed allowlist before anything else runs.
# PROFILE is later interpolated into a file path
# (etc/env/<profile>.env.sample), so only these four literal names are
# accepted; the pattern is anchored at both ends to require a whole-string match.
if [[ "${PROFILE}" =~ ^(dev|stage|prod|airgap)$ ]]; then
  log_info "Initializing configuration for profile: ${PROFILE}"
else
  log_error "Unknown profile: ${PROFILE}"
  echo "Valid profiles: dev, stage, prod, airgap"
  exit 1
fi
# Create directory structure
create_directories() {
log_info "Creating directory structure..."
local dirs=(
"etc/authority/plugins"
"etc/certificates/trust-roots"
"etc/certificates/signing"
"etc/concelier/sources"
"etc/crypto/profiles/cn"
"etc/crypto/profiles/eu"
"etc/crypto/profiles/kr"
"etc/crypto/profiles/ru"
"etc/crypto/profiles/us-fips"
"etc/env"
"etc/llm-providers"
"etc/notify/templates"
"etc/plugins/notify"
"etc/plugins/scanner/lang"
"etc/plugins/scanner/os"
"etc/policy/packs"
"etc/policy/schemas"
"etc/router"
"etc/scanner"
"etc/scheduler"
"etc/scm-connectors"
"etc/secrets"
"etc/signals"
"etc/vex"
)
for dir in "${dirs[@]}"; do
mkdir -p "${ROOT_DIR}/${dir}"
done
log_ok "Directory structure created"
}
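# Copy sample files to active configs.
# Walks ETC_DIR for regular files named *.sample and copies each one to the
# same path without the .sample suffix. Existing targets are never overwritten.
# Globals:  ETC_DIR, ROOT_DIR (read)
# Outputs:  one log line per file, then the number of files copied
copy_sample_files() {
  log_info "Copying sample files..."
  local count=0
  local sample_file target_file

  # NUL-delimited find output keeps paths with spaces or newlines intact.
  while IFS= read -r -d '' sample_file; do
    # Determine target file (remove .sample extension)
    target_file="${sample_file%.sample}"

    # Skip when anything already occupies the target path. -L also catches a
    # dangling symlink, which a plain -f test misses and cp would write through.
    if [[ -e "${target_file}" || -L "${target_file}" ]]; then
      # ROOT_DIR is quoted inside the expansion so it is stripped as a literal
      # prefix rather than being read as a glob pattern.
      log_warn "Skipping (exists): ${target_file#"${ROOT_DIR}"/}"
      continue
    fi

    # NOTE(review): copies (including any under etc/secrets) get the sample's
    # mode filtered by the caller's umask - confirm that is acceptable for
    # files that will later hold real secrets.
    cp -- "${sample_file}" "${target_file}"
    log_ok "Created: ${target_file#"${ROOT_DIR}"/}"

    # Plain assignment instead of ((count++)): the arithmetic command returns
    # status 1 when its value is 0, which under `set -e` aborts the script
    # right after the first file is copied.
    count=$((count + 1))
  done < <(find "${ETC_DIR}" -name "*.sample" -type f -print0 2>/dev/null)

  log_info "Copied ${count} sample files"
}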
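# Copy environment-specific profile.
# Seeds ROOT_DIR/.env from etc/env/<PROFILE>.env.sample. An existing .env is
# left untouched, and a missing sample only produces a warning.
# Globals:  ETC_DIR, ROOT_DIR, PROFILE (read)
# Outputs:  progress and warning messages through the log helpers
copy_env_profile() {
  log_info "Setting up environment profile: ${PROFILE}"
  local env_sample="${ETC_DIR}/env/${PROFILE}.env.sample"
  local env_target="${ROOT_DIR}/.env"

  if [[ ! -f "${env_sample}" ]]; then
    log_warn "No environment sample found for profile: ${PROFILE}"
    return 0
  fi

  # Treat any existing entry as "exists". -L also catches a dangling symlink,
  # which a plain -f test misses and cp would write through.
  if [[ -e "${env_target}" || -L "${env_target}" ]]; then
    log_warn ".env already exists, not overwriting"
    return 0
  fi

  # .env is the file operators fill with deployment values, which may include
  # sensitive ones, so it is created without group/other permissions. The
  # umask is changed inside a subshell only, so the file never exists with a
  # wider mode and the rest of the script keeps the caller's umask.
  (umask 077 && cp -- "${env_sample}" "${env_target}")
  log_ok "Created .env from ${PROFILE} profile"
}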
# Create .gitignore entries for active configs.
# Appends a blank line and a fixed block of ignore patterns to
# ROOT_DIR/.gitignore, so that active configuration files are ignored while
# their .sample templates are not. The block's first comment line doubles as
# the marker that makes a second run a no-op.
# Globals:  ROOT_DIR (read)
# Outputs:  progress and warning messages through the log helpers
# NOTE(review): `etc/**/env` matches a path component named exactly `env`
# (for example the etc/env directory), not files such as dev.env, and the
# root-level .env is not covered by any pattern below - confirm both are
# intended or handled elsewhere in .gitignore.
update_gitignore() {
  log_info "Updating .gitignore..."
  local ignore_file="${ROOT_DIR}/.gitignore"
  local -a patterns=(
    "# Active configuration files (not samples)"
    "etc/**/*.yaml"
    "!etc/**/*.yaml.sample"
    "etc/**/*.json"
    "!etc/**/*.json.sample"
    "etc/**/env"
    "!etc/**/env.sample"
    "etc/secrets/*"
    "!etc/secrets/*.sample"
    "!etc/secrets/README.md"
  )

  # A missing .gitignore makes grep fail (its error is discarded), which is
  # treated like "marker not present".
  if grep -q "# Active configuration files" "${ignore_file}" 2>/dev/null; then
    log_warn ".gitignore already contains config entries"
    return
  fi

  # Separator line first, then one pattern per line.
  {
    echo ""
    printf '%s\n' "${patterns[@]}"
  } >> "${ignore_file}"

  log_ok "Updated .gitignore"
}
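# Validate the configuration.
# Checks that the required configuration directories exist below ROOT_DIR,
# reports every missing one, and exits the script with status 1 when at least
# one is missing.
# Globals:  ROOT_DIR (read)
# Outputs:  progress and error messages through the log helpers
validate_config() {
  log_info "Validating configuration..."
  local errors=0
  local dir

  # Check for required directories
  local required_dirs=(
    "etc/scanner"
    "etc/authority"
    "etc/policy"
  )

  for dir in "${required_dirs[@]}"; do
    if [[ ! -d "${ROOT_DIR}/${dir}" ]]; then
      log_error "Missing required directory: ${dir}"
      # Plain assignment instead of ((errors++)): the arithmetic command
      # returns status 1 when its value is 0, which under `set -e` ends the
      # script at the first problem, before the remaining directories are
      # checked and the summary below is printed.
      errors=$((errors + 1))
    fi
  done

  if (( errors > 0 )); then
    log_error "Validation failed with ${errors} errors"
    exit 1
  fi

  log_ok "Configuration validated"
}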
# Print summary.
# Writes the closing banner to stdout: the selected profile, the follow-up
# steps, the quick-start command and the documentation path.
# Globals:  PROFILE (read)
print_summary() {
  # One printf call, one argument per output line (empty arguments are the
  # blank lines).
  printf '%s\n' \
    "" \
    "========================================" \
    " Configuration Initialized" \
    "========================================" \
    "" \
    "Profile: ${PROFILE}" \
    "" \
    "Next steps:" \
    " 1. Review and customize configurations in etc/" \
    " 2. Set sensitive values via environment variables" \
    " 3. For crypto compliance, set STELLAOPS_CRYPTO_PROFILE" \
    "" \
    "Quick start:" \
    " docker compose up -d" \
    "" \
    "Documentation:" \
    " docs/operations/configuration-guide.md" \
    ""
}
# Main.
# Runs the initialization steps in their fixed order: directories are created
# before samples are copied into them, and validation runs before the summary
# is printed. A failing step stops the run while the script's `set -e` is in
# effect.
main() {
  local step
  for step in \
    create_directories \
    copy_sample_files \
    copy_env_profile \
    update_gitignore \
    validate_config \
    print_summary; do
    "${step}"
  done
}

main "$@"