#!/bin/sh
set -e

# If the credentials JSON is provided as an env var, materialise it as a
# temporary file and point GOOGLE_APPLICATION_CREDENTIALS at it.
# This avoids baking sensitive credentials into the image.
#
# Usage:
#   docker run -e GOOGLE_APPLICATION_CREDENTIALS_JSON="$(cat credentials.json)" ...
if [ -n "$GOOGLE_APPLICATION_CREDENTIALS_JSON" ]; then
    CREDS_FILE="$(mktemp /tmp/gcloud-credentials-XXXXXX.json)"
    printf '%s' "$GOOGLE_APPLICATION_CREDENTIALS_JSON" > "$CREDS_FILE"
    export GOOGLE_APPLICATION_CREDENTIALS="$CREDS_FILE"
fi

exec "$@"