From 34a51282858971776564f3c12b96ed4eb9054c3c Mon Sep 17 00:00:00 2001 From: Eric Migicovsky Date: Thu, 26 Mar 2020 13:44:56 -0700 Subject: [PATCH 1/3] add docker run --- docker-run.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 docker-run.sh diff --git a/docker-run.sh b/docker-run.sh new file mode 100644 index 0000000..058a3e4 --- /dev/null +++ b/docker-run.sh @@ -0,0 +1,38 @@ +#!/bin/sh -e + +if [ ! -f "$CONFIG_PATH" ]; then + echo 'No config found' + exit 1 +fi + +args="$@" + +if [ ! -f "$REGISTRATION_PATH" ]; then + echo 'No registration found, generating now' + args="-r" +fi + + +# if no --uid is supplied, prepare files to drop privileges +if [ "$(id -u)" = 0 ]; then + chown node:node /data + + if find *.db > /dev/null 2>&1; then + # make sure sqlite files are writeable + chown node:node *.db + fi + if find *.log.* > /dev/null 2>&1; then + # make sure log files are writeable + chown node:node *.log.* + fi + + su_exec='su-exec node:node' +else + su_exec='' +fi + +# $su_exec is used in case we have to drop the privileges +exec $su_exec /usr/local/bin/node '/opt/mx-puppet-skype/build/index.js' \ + -c "$CONFIG_PATH" \ + -f "$REGISTRATION_PATH" \ + $args From 6dd94cbbf781780c33bd69037ae00b0c7fca0876 Mon Sep 17 00:00:00 2001 From: Eric Migicovsky Date: Thu, 26 Mar 2020 13:47:31 -0700 Subject: [PATCH 2/3] Delete docker-run.sh --- docker-run.sh | 38 -------------------------------------- 1 file changed, 38 deletions(-) delete mode 100644 docker-run.sh diff --git a/docker-run.sh b/docker-run.sh deleted file mode 100644 index 058a3e4..0000000 --- a/docker-run.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh -e - -if [ ! -f "$CONFIG_PATH" ]; then - echo 'No config found' - exit 1 -fi - -args="$@" - -if [ ! -f "$REGISTRATION_PATH" ]; then - echo 'No registration found, generating now' - args="-r" -fi - - -# if no --uid is supplied, prepare files to drop privileges -if [ "$(id -u)" = 0 ]; then - chown node:node /data - - if find *.db > /dev/null 2>&1; then - # make sure sqlite files are writeable - chown node:node *.db - fi - if find *.log.* > /dev/null 2>&1; then - # make sure log files are writeable - chown node:node *.log.* - fi - - su_exec='su-exec node:node' -else - su_exec='' -fi - -# $su_exec is used in case we have to drop the privileges -exec $su_exec /usr/local/bin/node '/opt/mx-puppet-skype/build/index.js' \ - -c "$CONFIG_PATH" \ - -f "$REGISTRATION_PATH" \ - $args From e3063f840f0adadaaf469c6d0db3c04dc0f588e5 Mon Sep 17 00:00:00 2001 From: Eric Migicovsky Date: Thu, 26 Mar 2020 13:51:40 -0700 Subject: [PATCH 3/3] add docker stuff --- Dockerfile | 37 +++++++++++++++++++++++++++++++++++++ docker-run.sh | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 Dockerfile create mode 100755 docker-run.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..6b4febe --- /dev/null +++ b/Dockerfile @@ -0,0 +1,37 @@ +FROM node:latest AS builder + +WORKDIR /opt/mx-puppet-skype + +# run build process as user in case of npm pre hooks +# pre hooks are not executed while running as root +RUN chown node:node /opt/mx-puppet-skype +USER node + +COPY package.json package-lock.json ./ +RUN npm install + +COPY tsconfig.json ./ +COPY src/ ./src/ +RUN npm run build + + +FROM node:alpine + +VOLUME /data + +ENV CONFIG_PATH=/data/config.yaml \ + REGISTRATION_PATH=/data/skype-registration.yaml + +# su-exec is used by docker-run.sh to drop privileges +RUN apk add --no-cache su-exec + +WORKDIR /opt/mx-puppet-skype +COPY docker-run.sh ./ +COPY --from=builder /opt/mx-puppet-skype/node_modules/ ./node_modules/ +COPY --from=builder /opt/mx-puppet-skype/build/ ./build/ + +# change workdir to /data so relative paths in the config.yaml +# point to the persisten volume +WORKDIR /data +ENTRYPOINT ["/opt/mx-puppet-skype/docker-run.sh"] + diff --git a/docker-run.sh b/docker-run.sh new file mode 100755 index 0000000..26cba9a --- /dev/null +++ b/docker-run.sh @@ -0,0 +1,39 @@ +#!/bin/sh -e + +if [ ! -f "$CONFIG_PATH" ]; then + echo 'No config found' + exit 1 +fi + +args="$@" + +if [ ! -f "$REGISTRATION_PATH" ]; then + echo 'No registration found, generating now' + args="-r" +fi + + +# if no --uid is supplied, prepare files to drop privileges +if [ "$(id -u)" = 0 ]; then + chown node:node /data + + if find *.db > /dev/null 2>&1; then + # make sure sqlite files are writeable + chown node:node *.db + fi + if find *.log.* > /dev/null 2>&1; then + # make sure log files are writeable + chown node:node *.log.* + fi + + su_exec='su-exec node:node' +else + su_exec='' +fi + +# $su_exec is used in case we have to drop the privileges +exec $su_exec /usr/local/bin/node '/opt/mx-puppet-skype/build/index.js' \ + -c "$CONFIG_PATH" \ + -f "$REGISTRATION_PATH" \ + $args +