Applied latest changes made to PR pokt-network#1603 on official Pocke…

…t Repo.

.github/workflows/Dockerfile

@@ -15,19 +15,20 @@ RUN apk add --update --no-cache expect bash leveldb-dev tzdata curl \
 
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build /build/pocket /bin/pocket
+# mesh will use separated entrypoint to avoid issues when rebase from upstream repository.
 COPY .github/workflows/mesh_entrypoint.sh /home/app/entrypoint.sh
 # allow users to run the container as root and fix the permissions in an easy way
 # this could be used as a one time run entrypoint.
 # e.g:
 # docker-compose:
-#   entrypoint: [ "/home/app/fix_permissions.sh", "/home/app/.pocket"]
+#   entrypoint: [ "/home/app/change_datadir_ownership_to_app.sh", "/home/app/.pocket"]
 #   user: root
 # docker:
-#   --entrypoint="/home/app/fix_permissions.sh /home/app/.pocket" -u root
-COPY .github/workflows/fix_permissions.sh /home/app/fix_permissions.sh
+#   --entrypoint="/home/app/change_datadir_ownership_to_app.sh /home/app/.pocket" -u root
+COPY .github/workflows/change_datadir_ownership_to_app.sh /home/app/change_datadir_ownership_to_app.sh
 
 RUN chmod +x /home/app/entrypoint.sh && \
-    chmod +x /home/app/fix_permissions.sh && \
+    chmod +x /home/app/change_datadir_ownership_to_app.sh && \
     chown -R app /bin/pocket \
     && mkdir -p /home/app/.pocket/config \
     && chown -R app /home/app/.pocket

.github/workflows/change_datadir_ownership_to_app.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+datadir=$1
+# Changing the permissions is necessary here because previous versions of our Dockerfile
+# did not specify `app` as the user, so Docker defaulted to `root`.
+# This script facilitates transition for those who have not specified the `app` user at the start of the container.
+# It changes the ownership to the proper user and group (`app:app`), as declared in the Dockerfile.
+# The specific ownership by user 'app' and group 'app' is required to ensure that the `app` user
+# specified in the Dockerfile will have full access to the relevant directory.
+echo "Attempting to fix ${datadir} permissions to be owned by app:app"
+chown -R app:app $datadir
+echo "${datadir} permissions applied."
+echo "Please turn off entrypoint override and ensure you are using user `app` or user `1005` when start container."
+exit 0

.github/workflows/entrypoint.sh

@@ -1,22 +1,23 @@
 #!/usr/bin/expect
 
-# Command to run
-set command $argv
-set timeout -1
-
 # Send `pocket stop` when interrupted to prevent corruption
 proc graceful_exit {} {
     send_user "Gracefully exiting Pocket...\n"
     spawn sh -c "pocket stop"
 }
 
-proc graceful_mesh_exit {pid} {
-    send_user "Gracefully exiting Pocket...\n"
-    exec kill -SIGTERM $pid
-}
+trap graceful_exit {SIGINT SIGTERM}
 
+# Command to run
+set command $argv
+set timeout -1
 
 # Pull variables from env if set
+set defaultDatadir "/home/app/.pocket"
+set datadir $defaultDatadir
+catch {set datadir $env(POCKET_CORE_DATADIR)}
+set datadirParam "--datadir=${datadir}"
+
 set genesis ""
 catch {set genesis $env(POCKET_CORE_GENESIS)}
 
@@ -34,54 +35,79 @@ catch {set core_passphrase $env(POCKET_CORE_PASSPHRASE)}
 
 # Create dynamic config files
 if {$genesis != ""} {
-    set genesis_file [open /home/app/.pocket/config/genesis.json w]
+    set genesis_file [open "{$datadir}/config/genesis.json" w]
     puts $genesis_file $genesis
     close $genesis_file
     send_user "GENESIS loaded from env\n"
 }
 if {$chains != ""} {
-    set chains_file [open /home/app/.pocket/config/chains.json w]
+    set chains_file [open "${datadir}/config/chains.json" w]
     puts $chains_file $chains
     close $chains_file
     send_user "CHAINS loaded from env\n"
 }
 if {$config != ""} {
-    set config_file [open /home/app/.pocket/config/config.json w]
+    set config_file [open "${datadir}/config/config.json" w]
     puts $config_file $config
     close $config_file
     send_user "CONFIG loaded from env\n"
 }
 
+if {[regexp -nocase "datadir=" $command] && ![regexp -nocase "datadir=${datadir}" $command]} {
+  send_user "WARNING: --datadir provided with a different path than the one defined in the Dockerfile. This could lead to errors using pocket CLI commands.\n"
+} elseif {![regexp -nocase "datadir=" $command]} {
+  send_user "INFO: param --datadir was not provided; attaching ${datadirParam} on every command\n"
+  set command "${command} ${datadirParam}"
+}
+
+if {![regexp -nocase "datadir=${defaultDatadir}" $command]} {
+	send_user "WARNING: --datadir is not the default one
+Please review:
+1. Mount your config folder to the same path you specify in --datadir
+2. Review your config.json to ensure the following configs match the value of --datadir
+  2.1. tendermint_config.RootDir
+  2.2. RPC.RootDir
+  2.3. P2P.RootDir
+  2.4. Mempool.RootDir
+  2.5. Consensus.RootDir
+  2.6. pocket_config.RootDir
+"
+}
+
+proc check_passphrase {str} {
+  send_user "checking passphrase: ${str}\n"
+  if {$str == ""} {
+    send_user "missing POCKET_CORE_PASSPHRASE environment variable"
+    exit 1
+  }
+}
+
 # if not --keybase=false
 # e.g. "pocket start --keybase=false --mainnet --datadir=/home/app/.pocket/"
 if {[regexp -nocase "keybase=false" $command]} {
 	spawn sh -c "$command"
 } elseif { $core_key eq "" }  {
 	  # If key isn't passed in, start the node
+	  check_passphrase $core_passphrase
     log_user 0
     spawn sh -c "$command"
     send -- "$core_passphrase\n"
     log_user 1
 } else {
+    check_passphrase $core_passphrase
     # If key is passed in, load it into the local accounts
     log_user 0
-    spawn pocket accounts import-raw $core_key
+    spawn pocket accounts import-raw $datadirParam $core_key
     sleep 1
     send -- "$core_passphrase\n"
     expect eof
-    spawn sh -c "pocket accounts set-validator `pocket accounts list | cut -d' ' -f2- `"
+    spawn sh -c "pocket accounts set-validator ${datadirParam} `pocket accounts list ${datadirParam} | cut -d' ' -f2- `"
     sleep 1
     send -- "$core_passphrase\n"
     expect eof
     log_user 1
     spawn sh -c "$command"
 }
 
-set pid [exp_pid]
-if {![regexp -nocase "start-mesh" $command]} {
-  trap graceful_exit {SIGINT SIGTERM}
-} else {
-  trap "graceful_mesh_exit $pid" {SIGINT SIGTERM}
-}
 expect eof
 exit

.github/workflows/mesh_entrypoint.sh

@@ -22,17 +22,17 @@ catch {set datadir $env(POCKET_CORE_DATADIR)}
 set datadirParam "--datadir=${datadir}"
 
 if {[regexp -nocase "datadir=" $command] && ![regexp -nocase "datadir=${datadir}" $command]} {
-  send_user "WARNING: --datadir provided with a different path to the one defined on Dockerfile. This could lead to errors when use this entrypoint to run CLI commands.\n"
+  send_user "WARNING: --datadir provided with a different path than the one defined in the Dockerfile. This could lead to errors using pocket CLI commands.\n"
 } elseif {![regexp -nocase "datadir=" $command]} {
-  send_user "INFO: param --datadir was not provided; attaching ${datadirParam} on every command executed with this entrypoint\n"
+  send_user "INFO: param --datadir was not provided; attaching ${datadirParam} on every command\n"
   set command "${command} ${datadirParam}"
 }
 
 if {![regexp -nocase "datadir=${defaultDatadir}" $command]} {
   send_user "WARNING: --datadir is not the default one
 Please review:
-1. Mount your config folder to the same path you specify on --datadir
-2. Review your config.json on the following points to match with the value of --datadir
+1. Mount your config folder to the same path you specify in --datadir
+2. Review your config.json to ensure the following configs match the value of --datadir
   2.1. tendermint_config.RootDir
   2.2. RPC.RootDir
   2.3. P2P.RootDir