Remove leftover from previous version

bin/infisical

@@ -2,7 +2,13 @@
 set -e
 
 main() {
-    declare -a args=("--rm" "--workdir" "${PWD}" "--volume" "${PWD}:${PWD}" "-t")
+    declare -a args=("--rm" "--workdir" "${PWD}" "--volume" "${PWD}:${PWD}")
+
+    if [ -t 1 ]; then
+        args+=("-t")
+    else
+        args+=("-T")
+    fi
 
     if [ -n "${INFISICAL_TOKEN}" ]; then
         args+=("--env" "INFISICAL_TOKEN=${INFISICAL_TOKEN}")

dist/scripts/src/fetch-secrets.sh

@@ -1,17 +1,40 @@
 #!/usr/bin/env bash
 
+set -euo pipefail
+
+dc_infisical() {
+    # If stdout is a real terminal, allocate TTY
+    if [ -t 1 ]; then
+        docker compose run --rm -t cli infisical "$@"
+        return
+    fi
+
+    docker compose run --rm -T cli infisical "$@"
+}
+
 fetch_secret() {
     local target_secret="${1:?Target secret local_secret is required}"
     local env="${2:?Environment is required}"
     local output_file="${3:?}"
+    declare -a args
 
-    if command -v infisical &>/dev/null; then
+    if [[ -n "${INFISICAL_PROJECT_ID:-}" ]]; then
+        args+=("--projectId" "${INFISICAL_PROJECT_ID}")
+    fi
+
+    args+=("secrets" "--plain" "get" "${target_secret}" "--env" "${env}")
+
+    if command -v infisical-dcli &>/dev/null; then
         # If infisical CLI command is available, use it directly
-        infisical secrets --plain get "${target_secret}" --env "${env}" >"${output_file}"
+        if ! infisical-dcli "${args[@]}" >"${output_file}"; then
+            rm -f "${output_file}" # Clean up if fetch failed
+            return 1
+        fi
     else
-        script -q /dev/null \
-            -c "docker compose run --rm -t cli infisical secrets --plain get ""${target_secret}"" --env ""${env}""" \
-            >"${output_file}"
+        if ! dc_infisical "${args[@]}" >"${output_file}"; then
+            rm -f "${output_file}" # Clean up if fetch failed
+            return 1
+        fi
     fi
 
     # Check if file is empty
@@ -46,16 +69,22 @@ main() {
         env="$(jq -r .env <<<"${obj}")"
         filename="$(jq -r .filename <<<"${obj}")"
 
+        if [[ ${local_secret} == "null" || ${target_secret} == "null" ]]; then
+            printf "Error: Missing required fields in entry: %s\n" "${obj}" >&2
+            continue
+        fi
+
         # Default output file name
-        output_file="${secrets_dir}/${output_file}"
+        output_file="${secrets_dir}/${local_secret}"
 
         # If filename is specified in json, use it; otherwise, use the local_secret as the filename
         if [[ -n ${filename} && ${filename} != "null" ]]; then
             output_file="${secrets_dir}/${filename}"
         fi
 
-        if [[ -z ${env} ]]; then
-            printf "Warning: Environment not specified for secret %s, assuming 'prod'\n" "${local_secret}" >&2
+        if [[ ${env} == "null" ]]; then
+            printf "Warning: Environment not specified for secret %s, assuming 'dev'\n" "${local_secret}" >&2
+            env="dev"
         fi
 
         printf "Processing %s -> %s (%s)\n" "${local_secret}" "${target_secret}" "${env}"

src/entrypoint.sh

@@ -8,8 +8,6 @@ init() {
     group_id="${RUNTIME_GROUP_ID:?}"
 
     /usr/local/bin/adapt-user "abc" "${user_id}" "${group_id}" "/data/"
-
-    runuser -u abc -- mkdir -p "/data/project"
 }
 
 main() {