From b511b9d982a175e4f53471773922fa2a86814862 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20D=C3=A9siles?= <1536672+jokesterfr@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:07:23 +0100 Subject: [PATCH] feat(run): introduce configurable user to run scripts (#42) --- README.md | 2 ++ assets/run.sh | 10 ++++++---- examples/develop-prestashop/docker-compose.yml | 1 + .../init-scripts/build-assets.sh | 18 ++++++++++++++++-- 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bb37e5d..e23fd77 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,8 @@ You can check this implementation anytime in [prestashop-version.json](./prestas | INSTALL_MODULES_DIR | module directory containing zips to be installed with the PrestaShop CLI | no | empty string (example: `/ps-modules`) | | INIT_SCRIPTS_DIR | script directory with executable files to be run prior to PrestaShop startup | no | `/tmp/init-scripts` | | POST_SCRIPTS_DIR | script directory with executable files to be run after the PrestaShop startup | no | `/tmp/post-scripts` | +| INIT_SCRIPTS_USER | the user running the executable files to be run prior to PrestaShop startup | no | `www-data` | +| POST_SCRIPTS_USER | the user running the executable files to be run after the PrestaShop startup | no | `www-data` | | INIT_ON_RESTART | if enabled the PS_DOMAIN auto search and dump fix will be replayed on container restart | no | `false` | | DUMP_ON_RESTART | if enabled the dump restoration replayed on container restart | no | `false` | | INSTALL_MODULES_ON_RESTART | if enabled zip modules will be reinstalled on container restart | no | `false` | diff --git a/assets/run.sh b/assets/run.sh index e4422df..adf398e 100755 --- a/assets/run.sh +++ b/assets/run.sh @@ -14,6 +14,8 @@ ON_INSTALL_MODULES_FAILURE=${ON_INSTALL_MODULES_FAILURE:-fail} MYSQL_VERSION=${MYSQL_VERSION:-5.7} INIT_SCRIPTS_DIR=${INIT_SCRIPTS_DIR:-/tmp/init-scripts/} POST_SCRIPTS_DIR=${POST_SCRIPTS_DIR:-/tmp/post-scripts/} +INIT_SCRIPTS_USER=${INIT_SCRIPTS_USER:-www-data} +POST_SCRIPTS_USER=${POST_SCRIPTS_USER:-www-data} INIT_LOCK=/tmp/flashlight-init.lock DUMP_LOCK=/tmp/flashlight-dump.lock @@ -172,9 +174,9 @@ if [ -d "$INIT_SCRIPTS_DIR" ]; then find "$INIT_SCRIPTS_DIR" -maxdepth 1 -executable -type f -print0 | sort -z | xargs -0 -n1 sh -c ' printf "\n--> Running $1...\n" if [ "$ON_INIT_SCRIPT_FAILURE" = "continue" ]; then - (sudo -E -g www-data -u www-data -- $1) || { echo "x $1 execution failed. Skipping."; } + (sudo -E -g '"$INIT_SCRIPTS_USER"' -u '"$INIT_SCRIPTS_USER"' -- $1) || { echo "x $1 execution failed. Skipping."; } else - (sudo -E -g www-data -u www-data -- $1) || { echo "x $1 execution failed. Sleep and exit."; sleep 10; exit 7; } + (sudo -E -g '"$INIT_SCRIPTS_USER"' -u '"$INIT_SCRIPTS_USER"' -- $1) || { echo "x $1 execution failed. Sleep and exit."; sleep 10; exit 7; } fi ' sh | awk 'BEGIN{RS="\n";ORS="\n "}1'; printf "\n"; @@ -208,9 +210,9 @@ if [ -d "$POST_SCRIPTS_DIR" ]; then find "$POST_SCRIPTS_DIR" -maxdepth 1 -executable -type f -print0 | sort -z | xargs -0 -n1 sh -c ' printf "\n--> Running $1...\n" if [ "$ON_POST_SCRIPT_FAILURE" = "continue" ]; then - (sudo -E -g www-data -u www-data -- $1) || { echo "x $1 execution failed. Skipping."; } + (sudo -E -g '"$POST_SCRIPTS_USER"' -u '"$POST_SCRIPTS_USER"' -- $1) || { echo "x $1 execution failed. Skipping."; } else - (sudo -E -g www-data -u www-data -- $1) || { echo "x $1 execution failed. Sleep and exit."; sleep 10; exit 8; } + (sudo -E -g '"$POST_SCRIPTS_USER"' -u '"$POST_SCRIPTS_USER"' -- $1) || { echo "x $1 execution failed. Sleep and exit."; sleep 10; exit 8; } fi ' sh | awk 'BEGIN{RS="\n";ORS="\n "}1'; printf "\n"; diff --git a/examples/develop-prestashop/docker-compose.yml b/examples/develop-prestashop/docker-compose.yml index a1f6d60..1ee2d55 100644 --- a/examples/develop-prestashop/docker-compose.yml +++ b/examples/develop-prestashop/docker-compose.yml @@ -7,6 +7,7 @@ services: environment: - PS_DOMAIN=localhost:8000 - INIT_SCRIPTS_DIR=/tmp/init-scripts + - INIT_SCRIPTS_USER=root volumes: - ..:/var/www/html:rw - ./init-scripts:/tmp/init-scripts:ro diff --git a/examples/develop-prestashop/init-scripts/build-assets.sh b/examples/develop-prestashop/init-scripts/build-assets.sh index caf98db..ac6089a 100755 --- a/examples/develop-prestashop/init-scripts/build-assets.sh +++ b/examples/develop-prestashop/init-scripts/build-assets.sh @@ -1,7 +1,21 @@ #!/bin/sh set -eu -echo "* Build PrestaShop assets..." +echo "* Download composer dependencies..." make composer + +echo "* Build PrestaShop assets..." +# Disclaimer: it seems that the PrestaShop front-end assets currently require +# to install Node.js dependencies globally. This is a bad pattern, which would +# require this script to be run as root. +# +# As an alternative, we propose this NPM_PREFIX_DIR hack suggestion, which could +# eventually help to avoid running init-scripts as root in the future +# +NPM_PREFIX_DIR=/tmp/npm +mkdir -p $NPM_PREFIX_DIR +npm prefix -g $NPM_PREFIX_DIR +export PATH="$PATH:$NPM_PREFIX_DIR/bin" make assets -echo "* Assets built!" + +echo "✅ Assets built!"