Add loomio.

loomio/db-init-job.yaml

@@ -8,57 +8,48 @@ spec:
       restartPolicy: OnFailure
       containers:
       - name: db-init
-        image: postgres:15-alpine
+        image: {{ .image }}
+        command:
+        - /bin/bash
+        - -c
+        - |
+          set -e
+          echo "Initializing Loomio database..."
+          # Patch schema.rb to use IF NOT EXISTS for pghero schema
+          sed -i 's/create_schema "pghero"/execute "CREATE SCHEMA IF NOT EXISTS pghero"/g' db/schema.rb
+          bundle exec rake db:schema:load db:seed
+          echo "Database initialization complete"
         env:
-        - name: PGHOST
-          value: "{{ .db.host }}"
-        - name: PGPORT
-          value: "{{ .db.port }}"
-        - name: PGUSER
-          value: postgres
-        - name: PGPASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: postgres-secrets
-              key: postgres.password
-        - name: LOOMIO_DB_NAME
-          value: "{{ .db.name }}"
-        - name: LOOMIO_DB_USER
-          value: "{{ .db.user }}"
-        - name: LOOMIO_DB_PASSWORD
+        - name: RAILS_ENV
+          value: production
+        - name: DATABASE_URL
           valueFrom:
             secretKeyRef:
               name: loomio-secrets
-              key: dbPassword
-        command:
-        - sh
-        - -c
-        - |
-          echo "Creating database and user for Loomio..."
-
-          # Check if database exists, create if not
-          psql -tc "SELECT 1 FROM pg_database WHERE datname = '$LOOMIO_DB_NAME'" | grep -q 1 || \
-            psql -c "CREATE DATABASE \"$LOOMIO_DB_NAME\""
-
-          # Check if user exists, create or update password
-          psql -tc "SELECT 1 FROM pg_user WHERE usename = '$LOOMIO_DB_USER'" | grep -q 1 && \
-            psql -c "ALTER USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'" || \
-            psql -c "CREATE USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'"
-
-          # Grant all privileges
-          psql -c "GRANT ALL PRIVILEGES ON DATABASE \"$LOOMIO_DB_NAME\" TO \"$LOOMIO_DB_USER\""
-
-          # Connect to the database and grant schema permissions
-          psql -d "$LOOMIO_DB_NAME" -c "GRANT ALL ON SCHEMA public TO \"$LOOMIO_DB_USER\""
-
-          echo "Database initialization complete!"
+              key: dbUrl
+        - name: REDIS_URL
+          value: {{ .redisUrl }}
+        - name: DEVISE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: deviseSecret
+        - name: SECRET_COOKIE_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: secretCookieToken
         securityContext:
-          runAsNonRoot: true
-          runAsUser: 999  # postgres user
-          runAsGroup: 999
+          runAsNonRoot: false
+          runAsUser: 0
           allowPrivilegeEscalation: false
           capabilities:
             drop: [ALL]
-          readOnlyRootFilesystem: true
+          readOnlyRootFilesystem: false
           seccompProfile:
-            type: RuntimeDefault
+            type: RuntimeDefault
+      securityContext:
+        runAsNonRoot: false
+        runAsUser: 0
+        seccompProfile:
+          type: RuntimeDefault