#!/usr/bin/env bash set -euo pipefail if [ -z "${GH_REPO_TOKEN:-}" ]; then echo "GH_REPO_TOKEN secret missing. Configure it in Hugging Face Space Settings -> Variables and secrets." >&2 exit 1 fi REPO_SLUG="${GH_REPO_SLUG:-shs3131/pulltime}" REPO_REF="${GH_REPO_REF:-main}" APP_SUBDIR="${GH_APP_SUBDIR:-server}" APP_DIR="/runtime/app" if [ -n "${ROOT_PASSWORD:-}" ]; then if command -v chpasswd >/dev/null 2>&1; then echo "root:${ROOT_PASSWORD}" | chpasswd echo "ROOT_PASSWORD applied for root user." else echo "chpasswd not found. Install shadow package in the image." >&2 exit 1 fi fi mkdir -p /runtime rm -rf "$APP_DIR" # Clone private GitHub repository using token auth (stable for github.com HTTPS) git clone --depth 1 --branch "$REPO_REF" "https://x-access-token:${GH_REPO_TOKEN}@github.com/${REPO_SLUG}.git" "$APP_DIR" cd "$APP_DIR/$APP_SUBDIR" if [ ! -f package.json ]; then echo "package.json not found in ${APP_SUBDIR}. Check GH_APP_SUBDIR." >&2 exit 1 fi ALLOW_LOCKFILE_BYPASS="${ALLOW_LOCKFILE_BYPASS:-true}" if npm ci --omit=dev; then echo "Dependencies installed with npm ci." else if [ "${ALLOW_LOCKFILE_BYPASS}" = "true" ]; then echo "npm ci failed (lock mismatch). Falling back to npm install --omit=dev." >&2 npm install --omit=dev --no-audit --no-fund else echo "npm ci failed and lockfile bypass is disabled (ALLOW_LOCKFILE_BYPASS=false)." >&2 exit 1 fi fi exec npm start