changes

2 files changed, 52 insertions, 39 deletions

diff --git a/build/init/Dockerfile b/build/init/Dockerfile
index 2b3d770..98eb285 100644
--- a/build/init/Dockerfile
+++ b/build/init/Dockerfile
@@ -1,5 +1,21 @@
 FROM alpine:3.19
-RUN apk add --no-cache postgresql16-client tini
+
+# install packages
+RUN apk add --no-cache postgresql16-client tini shadow
+RUN rm -fr /var/cache/apk/*
+
+# setup main user
+RUN adduser -D init
+RUN groupmod --gid 1000 init
+RUN usermod --uid 1000 init
+
+# copy scripts
 COPY ./init /usr/local/bin/init
+
+# remove build packages
+RUN apk del shadow
+
+# do the
+USER init
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["/usr/local/bin/init"]
diff --git a/build/init/init b/build/init/init
index c64f139..c8dd3f0 100755
--- a/build/init/init
+++ b/build/init/init
@@ -1,21 +1,37 @@
 #!/bin/sh
 
+errors=$(mktemp)
+
 step() {
 	printf '\x1b[34;1m>> %s\x1b[0m\n' "$*"
 }
 
 error() {
-	printf '\x1b[31;1merror: \x1b[0m%s\n' "$*"
+	{
+		printf '\x1b[31;1merror: \x1b[0m%s\n' "$*";
+		grep -v 'current transaction is aborted' < "$errors";
+		printf "\x1b[31m;1error: \x1b[0mAborting migrations, fix file(s) then restart process.";
+	} 1>&2;
+}
+
+try() {
+	"$@" 2> "$errors";
+	count=$(grep -c 'ERROR' < "$errors")
+	if [ "$count" -eq 0 ]; then
+		return 0;
+	else
+		return 1;
+	fi
 }
 
-export PGPASSWORD=$POSTGRES_PASSWORD
+export PGPASSWORD="$POSTGRES_PASSWORD"
 
 psql() {
 	/usr/bin/psql \
 		-h db \
 		-p 5432 \
-		-d $POSTGRES_DB \
-		-U $POSTGRES_USER \
+		-d "$POSTGRES_DB" \
+		-U "$POSTGRES_USER" \
 		"$@"
 }
 
@@ -23,9 +39,8 @@ pg_isready() {
 	/usr/bin/pg_isready \
 		-h db \
 		-p 5432 \
-		-d $POSTGRES_DB \
-		-U $POSTGRES_USER \
-		"$@"
+		-d "$POSTGRES_DB" \
+		-U "$POSTGRES_USER"
 }
 
 curr_revision() {
@@ -49,17 +64,12 @@ run_migrations() {
 	while true; do
 		name=$(printf "%04d" "$i");
 		file="/db/migrations/$name.sql"
-
-		if [ -f $file ]; then
-			psql -f $file 2> /errors
-			errors=$(cat /errors | grep 'ERROR' | wc -l)
-			if [ "$errors" -eq 0 ]; then
+		if [ -f "$file" ]; then
+			if try psql -f "$file"; then
 				i=$((i+1));
 				continue;
 			else
 				error "An error occoured during a migration (rev $name)"
-				cat /errors | grep -v 'current transaction is aborted';
-				error "Aborting migrations, fix file(s) then restart process."
 				return 1;
 			fi
 		else
@@ -69,24 +79,19 @@ run_migrations() {
 }
 
 init_api() {
-	psql -f /db/rest/rest.sql 2> /errors;
-	errors=$(cat /errors | grep 'ERROR' | wc -l)
-	if [ "$errors" -eq 0 ]; then
+	if try psql -f /db/rest/rest.sql; then
 		return 0;
 	else
 		error "An error occoured during api initialization"
-		cat /errors | grep -v 'current transaction is aborted';
-		error "Aborting api initialization, fix file(s) then restart process."
 		return 1;
 	fi
 }
 
 update_jwt() {
-	psql -c "UPDATE sys.database_info SET jwt_secret = '$JWT_SECRET' WHERE name = current_database();"
-	errors=$(cat /errors | grep 'ERROR' | wc -l)
-	if [ "$errors" -eq 0 ]; then
+	if try psql -c "UPDATE sys.database_info SET jwt_secret = '$JWT_SECRET' WHERE name = current_database();"; then
 		return 0;
 	else
+		error "Could not update JWT"
 		return 1;
 	fi
 }
@@ -98,7 +103,7 @@ load_ext() {
 init () {
 	# reomve ready status
 	# so php ignores requests
-	rm -fr /status/ready
+	rm -f /status/ready
 
 	step 'Waiting for database';
 	# make sure the database is running
@@ -116,31 +121,22 @@ init () {
 	step "Database at revision: $REV"
 	# run each migration that is
 	# higher than our current revision
-	run_migrations "$REV"
-	CODE=$?;
-
-	if [ $CODE -ne 0 ]; then
-		return $CODE;
+	if ! run_migrations "$REV"; then
+		return 1;
 	fi
 
 	step 'Initalizing the api';
 	# reinit the api schema for
 	# postgrest
-	init_api;
-	CODE=$?;
-
-	if [ $CODE -ne 0 ]; then
-		return $CODE;
+	if ! init_api; then
+		return 1;
 	fi
 
 	step 'Updating JWT secret';
 	# make sure postgres has the corrent
 	# jwt secret
-	update_jwt;
-	CODE=$?;
-
-	if [ $CODE -ne 0 ]; then
-		return $CODE;
+	if ! update_jwt; then
+		return 1;
 	fi
 
 	step 'Database is initialized'
@@ -149,3 +145,4 @@ init () {
 }
 
 init
+rm "$errors"