fix(entrypoint): permission issue on first time running

Yimura · May 16, 2024 · b916b7f · b916b7f
1 parent c20a5a2
commit b916b7f
Showing 1 changed file with 26 additions and 14 deletions.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -4,28 +4,40 @@ run_unprivileged() {
     exec runuser worker -c "$@"
 }
 
-echo "[INFO] Creating non-root user..."
+verify_n_take_ownership() {
+    directory=$1
+    user=$2
+
+    echo "[INFO] Verifying ownership over $directory"
+    if [[ "$(find . ! -user $user | wc -l)" == "0" ]]; then
+        echo "[INFO] No ownership issues found"
+    else
+        echo "[INFO] Mismatching ownership, taking ownership for $user:$user"
+        chown -R $user:$user .
+    fi
+}
+
 if [ ! -d "/home/worker" ]; then
+    echo "[INFO] Creating non-root user..."
     useradd -m worker
 fi
 
-if [[ "$(stat -c "%U:%G" /opt/crackerjack/.git)" != "worker:worker" ]]; then
-    echo "[INFO] Fixing ownership of .git folder"
-    # fixes an issue where git would complain about dubious ownership (the root user owns the git clone)
-    chown worker:worker -R .git
-fi
+if [ ! -f /opt/crackerjack/data/instance/crackerjack.sqlite3 ]; then
+    echo '[INFO] Initializing DB.'
+    python3 -m flask db init
 
-if [[ "$(stat -c "%U:%G" /opt/crackerjack/data)" != "worker:worker" ]]; then
-    echo "[INFO] Taking ownership of data directory."
-    mkdir -p /opt/crackerjack/data && chown -R worker:worker /opt/crackerjack/data
+    echo "[INFO] Running DB migrations"
+    python3 -m flask db migrate
+    python3 -m flask db upgrade
 fi
-
-echo '[INFO] Initializing DB and running migrations.'
-python3 -m flask db init
-python3 -m flask db migrate
-python3 -m flask db upgrade
+echo "[INFO] Adding flask crontab"
 python3 -m flask crontab add
 
+# fixes an issue where git would complain about dubious ownership
+verify_n_take_ownership /opt/crackerjack/.git worker
+# we're executing the application as a non-privileged user so we need to be able to write to the DB
+verify_n_take_ownership /opt/crackerjack/data worker
+
 echo "[INFO] Starting crackerjack as unprivileged user."
 # by using exec the bash script will exit and continue running the python program.
 run_unprivileged "/usr/bin/python3 -m gunicorn --workers 3 --bind $ADDRESS:$PORT --timeout $TIMEOUT -m 007 wsgi:app"