Allow addition of custom ca-certificates (when running container as r…

…oot)
Argelbargel · Mar 28, 2024 · abbc15b · abbc15b
1 parent 848527d
commit abbc15b
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 3 deletions.
diff --git a/.github/release.Dockerfile b/.github/release.Dockerfile
@@ -4,12 +4,17 @@ LABEL org.opencontainers.image.source=https://github.com/Argelbargel/vault-raft-
 LABEL org.opencontainers.image.description="vault-raft-snapshot-agent ($TARGETPLATFORM)"
 LABEL org.opencontainers.image.licenses=MIT
 
-ENTRYPOINT ["/bin/vault-raft-snapshot-agent"]
+RUN apk --no-cache add ca-certificates \
+    && rm -rf /var/cache/apk/*
+
 VOLUME /etc/vault.d/
-WORKDIR /
 
 ARG DIST_DIR
 ARG TARGETOS
 ARG TARGETARCH
+COPY ${DIST_DIR}/entrypoint /sbin/entrypoint
 COPY ${DIST_DIR}/vault-raft-snapshot-agent_${TARGETOS}_${TARGETARCH} /bin/vault-raft-snapshot-agent
-RUN chmod +x /bin/vault-raft-snapshot-agent
+RUN chmod +x /sbin/entrypoint /bin/vault-raft-snapshot-agent
+
+WORKDIR /
+ENTRYPOINT ["/sbin/entrypoint"]
diff --git a/.github/workflows/release-container-image.yml b/.github/workflows/release-container-image.yml
@@ -88,6 +88,11 @@ jobs:
         name: binaries
         path: dist/
 
+    - name: Copy entrypoint
+      id: copy_entrypoint
+      run: |
+        cp -f init/entrypoint dist/entrypoint
+
     - name: Login to Github Packages
       uses: docker/login-action@v3
       with:

diff --git a/init/entrypoint b/init/entrypoint
@@ -0,0 +1,11 @@
+#! /bin/bash
+set -eu
+
+if [ -d /etc/vault.d/certs ]; then
+    echo "Updating certificates"
+    cp /etc/vault.d/certs /usr/local/share/ca-certificates
+    update-ca-certificates
+fi
+
+echo "Starting agent..."
+exec /bin/vault-raft-snapshot-agent