diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..6b4febe --- /dev/null +++ b/Dockerfile @@ -0,0 +1,37 @@ +FROM node:latest AS builder + +WORKDIR /opt/mx-puppet-skype + +# run build process as user in case of npm pre hooks +# pre hooks are not executed while running as root +RUN chown node:node /opt/mx-puppet-skype +USER node + +COPY package.json package-lock.json ./ +RUN npm install + +COPY tsconfig.json ./ +COPY src/ ./src/ +RUN npm run build + + +FROM node:alpine + +VOLUME /data + +ENV CONFIG_PATH=/data/config.yaml \ + REGISTRATION_PATH=/data/skype-registration.yaml + +# su-exec is used by docker-run.sh to drop privileges +RUN apk add --no-cache su-exec + +WORKDIR /opt/mx-puppet-skype +COPY docker-run.sh ./ +COPY --from=builder /opt/mx-puppet-skype/node_modules/ ./node_modules/ +COPY --from=builder /opt/mx-puppet-skype/build/ ./build/ + +# change workdir to /data so relative paths in the config.yaml +# point to the persisten volume +WORKDIR /data +ENTRYPOINT ["/opt/mx-puppet-skype/docker-run.sh"] + diff --git a/docker-run.sh b/docker-run.sh new file mode 100755 index 0000000..26cba9a --- /dev/null +++ b/docker-run.sh @@ -0,0 +1,39 @@ +#!/bin/sh -e + +if [ ! -f "$CONFIG_PATH" ]; then + echo 'No config found' + exit 1 +fi + +args="$@" + +if [ ! -f "$REGISTRATION_PATH" ]; then + echo 'No registration found, generating now' + args="-r" +fi + + +# if no --uid is supplied, prepare files to drop privileges +if [ "$(id -u)" = 0 ]; then + chown node:node /data + + if find *.db > /dev/null 2>&1; then + # make sure sqlite files are writeable + chown node:node *.db + fi + if find *.log.* > /dev/null 2>&1; then + # make sure log files are writeable + chown node:node *.log.* + fi + + su_exec='su-exec node:node' +else + su_exec='' +fi + +# $su_exec is used in case we have to drop the privileges +exec $su_exec /usr/local/bin/node '/opt/mx-puppet-skype/build/index.js' \ + -c "$CONFIG_PATH" \ + -f "$REGISTRATION_PATH" \ + $args +