cleanup

Author: ahgraber

Dockerfile

@@ -13,6 +13,7 @@ ARG BUILD_DATE
 
 ENV SUPPRESS_NO_CONFIG_WARNING=1
 ENV S6_FIX_ATTRS_HIDDEN=1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=1
 ENV NODE_ENV=production
 
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
@@ -31,14 +32,16 @@ EXPOSE 80
 EXPOSE 81
 EXPOSE 443
 
-COPY docker/rootfs      /
 ADD backend             /app
 ADD frontend/dist       /app/frontend
 COPY global             /app/global
 
 WORKDIR /app
 RUN yarn install
 
+# add late to limit cache-busting by modifications
+COPY docker/rootfs      /
+
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf
 

docker-compose.yaml

@@ -1,3 +1,3 @@
 *
 !.gitignore
-!01_envfile.sh
+!*.sh

docker/Dockerfile

@@ -1,28 +1,27 @@
-#! /bin/bash
+#!/usr/bin/with-contenv bash
 # ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile
 
 # in s6, environmental variables are written as text files for s6 to monitor
 # seach through full-path filenames for files ending in "__FILE"
 for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do
-    echo "[secret-init] Evaluating ${FILENAME##*/}"
+    echo "[secret-init] Evaluating ${FILENAME##*/} ..."
 
     # set SECRETFILE to the contents of the full-path textfile
     SECRETFILE=$(cat ${FILENAME})
     # SECRETFILE=${FILENAME}
-    echo "[secret-init] Setting SECRETFILE to ${SECRETFILE}..."  # DEBUG - rm for prod!
+    # echo "[secret-init] Set SECRETFILE to ${SECRETFILE}"  # DEBUG - rm for prod!
 
     # if SECRETFILE exists / is not null
     if [[ -f ${SECRETFILE} ]]; then
         # strip the appended "__FILE" from environmental variable name ...
         STRIPFILE=$(echo ${FILENAME} | sed "s/__FILE//g") 
-        echo "[secret-init] Set STRIPFILE to ${STRIPFILE}"  # DEBUG - rm for prod!
+        # echo "[secret-init] Set STRIPFILE to ${STRIPFILE}"  # DEBUG - rm for prod!
 
         # ... and set value to contents of secretfile
         # since s6 uses text files, this is effectively "export ..."
-        # cat ${SECRETFILE} > ${STRIPFILE}
-        cat $(${SECRETFILE} | sed "s/[^\w.-]+//g") > ${STRIPFILE}
-        echo "[secret-init] Set ${STRIPFILE} to $(cat ${STRIPFILE})"  # DEBUG - rm for prod!"
-        echo "[secret-init] Success! ${STRIPFILE} set from ${FILENAME}"
+        printf $(cat ${SECRETFILE}) > ${STRIPFILE}
+        # echo "[secret-init] Set ${STRIPFILE##*/} to $(cat ${STRIPFILE})"  # DEBUG - rm for prod!"
+        echo "[secret-init] Success! ${STRIPFILE##*/} set from ${FILENAME##*/}"
 
     else
         echo "[secret-init] cannot find secret in ${FILENAME}"