From abbc15b7d707082562c898d3f9bb727ef15ed9ea Mon Sep 17 00:00:00 2001 From: Argelbargel Date: Thu, 28 Mar 2024 13:00:49 +0100 Subject: [PATCH] Allow addition of custom ca-certificates (when running container as root) --- .github/release.Dockerfile | 11 ++++++++--- .github/workflows/release-container-image.yml | 5 +++++ init/entrypoint | 11 +++++++++++ 3 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 init/entrypoint diff --git a/.github/release.Dockerfile b/.github/release.Dockerfile index 2d4a830..002759c 100644 --- a/.github/release.Dockerfile +++ b/.github/release.Dockerfile @@ -4,12 +4,17 @@ LABEL org.opencontainers.image.source=https://github.com/Argelbargel/vault-raft- LABEL org.opencontainers.image.description="vault-raft-snapshot-agent ($TARGETPLATFORM)" LABEL org.opencontainers.image.licenses=MIT -ENTRYPOINT ["/bin/vault-raft-snapshot-agent"] +RUN apk --no-cache add ca-certificates \ + && rm -rf /var/cache/apk/* + VOLUME /etc/vault.d/ -WORKDIR / ARG DIST_DIR ARG TARGETOS ARG TARGETARCH +COPY ${DIST_DIR}/entrypoint /sbin/entrypoint COPY ${DIST_DIR}/vault-raft-snapshot-agent_${TARGETOS}_${TARGETARCH} /bin/vault-raft-snapshot-agent -RUN chmod +x /bin/vault-raft-snapshot-agent +RUN chmod +x /sbin/entrypoint /bin/vault-raft-snapshot-agent + +WORKDIR / +ENTRYPOINT ["/sbin/entrypoint"] diff --git a/.github/workflows/release-container-image.yml b/.github/workflows/release-container-image.yml index 3690459..5408f10 100644 --- a/.github/workflows/release-container-image.yml +++ b/.github/workflows/release-container-image.yml @@ -88,6 +88,11 @@ jobs: name: binaries path: dist/ + - name: Copy entrypoint + id: copy_entrypoint + run: | + cp -f init/entrypoint dist/entrypoint + - name: Login to Github Packages uses: docker/login-action@v3 with: diff --git a/init/entrypoint b/init/entrypoint new file mode 100644 index 0000000..ebe57b3 --- /dev/null +++ b/init/entrypoint 
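Review bot: The new `ENTRYPOINT ["/sbin/entrypoint"]` runs a script whose shebang is `#! /bin/bash`, but the only package this hunk installs is `ca-certificates`, so unless the base image (its FROM line is above the hunk) already ships bash the container will fail to start. The script uses nothing bash-specific, so changing its first line to `#!/bin/sh` is simpler than adding bash to the image. No `USER` instruction is visible in the hunk and the commit title says the certificate update needs root, so a comment above ENTRYPOINT such as `# entrypoint updates the CA trust store only when the container runs as root` would document that expectation. As a style point, `COPY --chmod=0755` on both COPY lines would replace the extra `RUN chmod +x` layer, and `rm -rf /var/cache/apk/*` is redundant after `apk --no-cache`.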
@@ -0,0 +1,11 @@
+#! /bin/bash
+set -eu
+
+if [ -d /etc/vault.d/certs ]; then
+ echo "Updating certificates"
+ cp /etc/vault.d/certs /usr/local/share/ca-certificates
+ update-ca-certificates
+fi
+
+echo "Starting agent..."
+exec /bin/vault-raft-snapshot-agent
\ No newline at end of file
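Review bot: The `cp /etc/vault.d/certs /usr/local/share/ca-certificates` line passes a directory to cp without `-r`, so cp returns non-zero and `set -e` ends the script before the agent starts whenever the certs directory exists. Copying the files instead, `cp /etc/vault.d/certs/*.crt /usr/local/share/ca-certificates/`, also matches the `.crt` suffix that update-ca-certificates looks for. The last line drops container arguments that the previous direct ENTRYPOINT passed to the binary; `exec /bin/vault-raft-snapshot-agent "$@"` keeps them. Every file placed in that directory becomes a trusted root for the agent's outbound TLS, so a comment stating that the mount must be read-only and writable only by the operator belongs above the `if`.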