#!/usr/bin/env bash set -uo pipefail ENV_FILE="/etc/profile.d/openclaw-env.sh" LOG_FILE="/var/log/openclaw/env-update.log" CACHE_FILE="/tmp/hf-env-cache.json" EXPORT_FILE="/tmp/env-from-api.sh" DRY_RUN=false usage() { cat </dev/null) local http_code=$(echo "$response" | tail -n1) local body=$(echo "$response" | sed '$d') if [[ "$http_code" != "200" ]]; then log "Error: API request failed with HTTP $http_code" log "Response: $body" return 1 fi echo "$body" > "$CACHE_FILE" if ! command -v jq >/dev/null 2>&1; then log "Error: jq not available, cannot parse API response" return 1 fi local env_count env_count=$(echo "$body" | jq '.env // {} | length') if [[ "$env_count" -eq 0 ]]; then log "Warning: API response contains no environment variables" return 1 fi log "Found $env_count environment variables from API" echo "" if [[ "$DRY_RUN" == "true" ]]; then log_dry "========== DRY-RUN: Environment Variables to be fetched ==========" else : > "$EXPORT_FILE" fi local sensitive_pattern="(TOKEN|KEY|SECRET|PASSWORD|ENCRYPTION_PASSWORD)" while IFS='=' read -r key value; do if [[ -n "$key" && "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then if [[ "$DRY_RUN" == "true" ]]; then if [[ "$key" =~ $sensitive_pattern ]]; then log_dry " $key=" else log_dry " $key=$value" fi else printf 'export %s=%q\n' "$key" "$value" >> "$EXPORT_FILE" if [[ "$key" =~ $sensitive_pattern ]]; then log "Exported: $key=" else log "Exported: $key=$value" fi fi fi done < <(echo "$body" | jq -r '.env // {} | to_entries[] | "\(.key)=\(.value)"') if [[ "$DRY_RUN" == "true" ]]; then log_dry "========== DRY-RUN: Would write to files ==========" log_dry " ENV_FILE=$ENV_FILE (skipped in dry-run)" log_dry " EXPORT_FILE=$EXPORT_FILE (skipped in dry-run)" log_dry "========================================================" rm -f "$CACHE_FILE" fi return 0 } main() { log "Starting environment update from HF API..." if [[ "$DRY_RUN" == "true" ]]; then log "*** DRY-RUN MODE: No files will be written ***" fi local OPENCLAW_HF_SPACE_ID="${OPENCLAW_HF_SPACE_ID:-}" if [[ -z "$OPENCLAW_HF_SPACE_ID" ]]; then log "Error: OPENCLAW_HF_SPACE_ID is required but not set" log "Please set OPENCLAW_HF_SPACE_ID environment variable" exit 1 fi local hf_token="${HF_TOKEN:-${HF_API_TOKEN:-}}" if [[ -z "$hf_token" ]]; then log "Error: HF_TOKEN is required but not set" log "Please set HF_TOKEN or HF_API_TOKEN environment variable" exit 1 fi if ! fetch_and_show_env "$OPENCLAW_HF_SPACE_ID" "$hf_token"; then log "Warning: Failed to fetch env from API" exit 1 fi if [[ "$DRY_RUN" == "true" ]]; then log "Dry-run completed. No files were modified." exit 0 fi if [[ -x /usr/local/bin/save-env.sh ]]; then if [[ -f "$EXPORT_FILE" && -s "$EXPORT_FILE" ]]; then log "Sourcing API exports before calling save-env.sh" source "$EXPORT_FILE" fi /usr/local/bin/save-env.sh log "Environment file updated successfully" else log "Error: save-env.sh not found or not executable" exit 1 fi rm -f "$EXPORT_FILE" log "Current non-sensitive variables:" log " OPENCLAW_BACKUP_DATASET_REPO: ${OPENCLAW_BACKUP_DATASET_REPO:-}" log " OPENCLAW_BACKUP_CRON: ${OPENCLAW_BACKUP_CRON:-*/12 * * * *}" log " OPENCLAW_BACKUP_ENCRYPTION_ENABLED: ${OPENCLAW_BACKUP_ENCRYPTION_ENABLED:-}" } main "$@" 2>&1 | tee -a "$LOG_FILE"