From 895b51fd9ff059c3a469ad510ab0127f2e8c7b87 Mon Sep 17 00:00:00 2001
From: Christian Winther
Date: Thu, 4 Jan 2024 23:04:25 +0000
Subject: [PATCH] more tweaks
---
 contrib/docker/README.md | 12 +++--
 .../root/docker/entrypoint.d/10-storage.sh | 2 +-
 .../entrypoint.d/15-storage-permissions.sh | 8 ++--
 .../docker/shared/root/docker/entrypoint.sh | 5 +++
 contrib/docker/shared/root/docker/helpers.sh | 44 ++++++++++++++++---
 5 files changed, 56 insertions(+), 15 deletions(-)
diff --git a/contrib/docker/README.md b/contrib/docker/README.md
index b07a9b1b..2797b95f 100644
--- a/contrib/docker/README.md
+++ b/contrib/docker/README.md
@@ -108,6 +108,12 @@ When a Pixelfed container starts up, the [`ENTRYPOINT`](https://docs.docker.com/
 1. If the file has the extension `.sh` the file will be run like a normal script.
 1. Any other file extension will log a warning and will be ignored.
+#### Debugging
+
+You can set environment variable `ENTRYPOINT_DEBUG=1` to show verbose output of what each `entrypoint.d` script is doing.
+
+You can also `docker exec` or `docker run` into a container and run `/`
+
 #### Included scripts
 * `/docker/entrypoint.d/04-defaults.envsh` calculates Docker container environment variables needed for [templating](#templating) configuration files.
@@ -145,7 +151,7 @@ Variables available for templating are sourced (in order, so *last* source takes
 #### Template guide 101
-Please see the [gomplate documentation](https://docs.gomplate.ca/) for a more comprehensive overview.
+Please see the [`gomplate` documentation](https://docs.gomplate.ca/) for a more comprehensive overview.
 The most frequent use-case you have is likely to print a environment variable (or a default value if it's missing), so this is how to do that:
@@ -156,8 +162,8 @@ The script will *fail* if you reference a variable that does not exist (and don'
 Please see the
-* [gomplate syntax documentation](https://docs.gomplate.ca/syntax/)
-* [gomplate functions documentation](https://docs.gomplate.ca/functions/)
+* [`gomplate` syntax documentation](https://docs.gomplate.ca/syntax/)
+* [`gomplate` functions documentation](https://docs.gomplate.ca/functions/)
 ### Fixing ownership on startup
diff --git a/contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh b/contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh
index 83e0abf3..add20b5d 100755
--- a/contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh
+++ b/contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh
@@ -4,7 +4,7 @@ source /docker/helpers.sh
 entrypoint-set-name "$0"
 # Copy the [storage/] skeleton files over the "real" [storage/] directory so assets are updated between versions
-run-as-runtime-user cp --recursive storage.skel/* storage/
+run-as-runtime-user cp --recursive storage.skel/ storage/
 # Ensure storage linkk are correctly configured
 run-as-runtime-user php artisan storage:link
diff --git a/contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh b/contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh
index 0a67e3fa..d5844d66 100755
--- a/contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh
+++ b/contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh
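Review bot: In `10-storage.sh`, dropping the glob changes what `cp` does, not only how the argument is passed. With GNU `cp` (which the long `--recursive` option suggests) and an existing `storage/` directory, `cp --recursive storage.skel/ storage/` creates `storage/storage.skel/` instead of merging the skeleton into `storage/`, so the assets the comment above promises to update would presumably stay stale. Copying the directory's contents keeps the old behaviour without a glob and also picks up dot-files: `run-as-runtime-user cp --recursive storage.skel/. storage/`. This is worth confirming against the image's `cp` before merging.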
@@ -7,15 +7,15 @@ entrypoint-set-name "$0"
 : ${ENTRYPOINT_ENSURE_OWNERSHIP_PATHS:=""}
 declare -a ensure_ownership_paths=()
-IFS=' ' read -a ensure_ownership_paths <<<"$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS"
+IFS=' ' read -a ensure_ownership_paths <<<"${ENTRYPOINT_ENSURE_OWNERSHIP_PATHS}"
-if [[ ${#ensure_ownership_paths} == 0 ]]; then
+if [[ ${#ensure_ownership_paths[@]} == 0 ]]; then
 log-info "No paths has been configured for ownership fixes via [\$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS]."
 exit 0
 fi
 for path in "${ensure_ownership_paths[@]}"; do
- log-info "Ensure ownership of [${path}] correct"
- chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} "${path}"
+ log-info "Ensure ownership of [${path}] is correct"
+ run-as-current-user chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} "${path}"
 done
diff --git a/contrib/docker/shared/root/docker/entrypoint.sh b/contrib/docker/shared/root/docker/entrypoint.sh
index c1e3064f..e17a1c42 100755
--- a/contrib/docker/shared/root/docker/entrypoint.sh
+++ b/contrib/docker/shared/root/docker/entrypoint.sh
@@ -50,7 +50,9 @@ find "${ENTRYPOINT_ROOT}" -follow -type f -print | sort -V | while read -r file;
 log-error-and-exit "File [${file}] is not executable (please 'chmod +x' it)"
 fi
+ log-info
 log-info "Sourcing [${file}]"
+ log-info
 source "${file}"
@@ -65,7 +67,10 @@ find "${ENTRYPOINT_ROOT}" -follow -type f -print | sort -V | while read -r file;
 log-error-and-exit "File [${file}] is not executable (please 'chmod +x' it)"
 fi
+ log-info
 log-info "Running [${file}]"
+ log-info
+
 "${file}"
 ;;
diff --git a/contrib/docker/shared/root/docker/helpers.sh b/contrib/docker/shared/root/docker/helpers.sh
index ce9ab266..d80dc0d2 100644
--- a/contrib/docker/shared/root/docker/helpers.sh
+++ b/contrib/docker/shared/root/docker/helpers.sh
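Review bot: In `15-storage-permissions.sh`, the recursive `chown` takes its owner and its target from environment variables but leaves the owner unquoted and does not end option parsing, so a configured path that begins with `-` would be read as an option. I would write it as `run-as-current-user chown --recursive -- "${RUNTIME_UID}:${RUNTIME_GID}" "${path}"`. The `read` that fills the array also still lacks `-r`, so backslashes in `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS` are consumed as escapes; `IFS=' ' read -r -a ensure_ownership_paths <<<"${ENTRYPOINT_ENSURE_OWNERSHIP_PATHS}"` keeps the value literal.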
@@ -1,9 +1,7 @@
 #!/bin/bash
 set -e -o errexit -o nounset -o pipefail
-: ${ENTRYPOINT_DEBUG:=0}
-
-[[ ${ENTRYPOINT_DEBUG} == 1 ]] && set -x
+[[ ${ENTRYPOINT_DEBUG:=0} == 1 ]] && set -x
 # Some splash of color for important messages
 declare -g error_message_color="\033[1;31m"
@@ -40,14 +38,37 @@ function entrypoint-restore-name() {
 # @exitcode 0 if the command succeeeds
 # @exitcode 1 if the command fails
 function run-as-runtime-user() {
+ run-command-as "$(id -un ${RUNTIME_UID})" "${@}"
+}
+
+# @description Run a command as the [runtime user]
+# @arg $@ string The command to run
+# @exitcode 0 if the command succeeeds
+# @exitcode 1 if the command fails
+function run-as-current-user() {
+ run-command-as "$(id -un)" "${@}"
+}
+
+# @description Run a command as the a named user
+# @arg $1 string The user to run the command as
+# @arg $@ string The command to run
+# @exitcode 0 If the command succeeeds
+# @exitcode 1 If the command fails
+function run-command-as() {
 local -i exit_code
 local target_user
- target_user=$(id -un ${RUNTIME_UID})
+ target_user=${1}
+ shift
- log-info "👷 Running [${*}] as [${target_user}]"
+ log-info-stderr "👷 Running [${*}] as [${target_user}]"
+
+ if [[ ${target_user} != "root" ]]; then
+ su --preserve-environment "${target_user}" --shell /bin/bash --command "${*}"
+ else
+ "${@}"
+ fi
- su --preserve-environment "${target_user}" --shell /bin/bash --command "${*}"
 exit_code=$?
 if [[ $exit_code != 0 ]]; then
@@ -55,7 +76,7 @@ function run-as-runtime-user() {
 return $exit_code
 fi
- log-info "✅ OK!"
+ log-info-stderr "✅ OK!"
 return $exit_code
 }
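Review bot: The `set -x` line at the top of `helpers.sh` has no comment saying what the trace exposes. xtrace prints every command with its values expanded, and this file also loads the dot-env files (`load-config-files`, visible further down), so with `ENTRYPOINT_DEBUG=1` credentials from those files presumably end up in the container log. I would add `# NOTE: xtrace prints expanded values; with ENTRYPOINT_DEBUG=1 secrets from the dot-env files can appear in container logs` above the line.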
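Review bot: The two branches of `run-command-as` do not run the same command: the root branch executes `"${@}"` with argument boundaries intact, while the `su` branch joins the arguments with `"${*}"` and has a second bash parse the string again, so an argument containing whitespace or shell metacharacters is split or evaluated only for non-root targets. Quoting before the hand-off keeps them equivalent, e.g. `su --preserve-environment "${target_user}" --shell /bin/bash --command "$(printf '%q ' "${@}")"`; callers that rely on the re-parse would need checking, though none are visible in this patch. The `!= "root"` test also assumes the entrypoint itself runs as root: for `run-as-current-user` in a container started as another user it would `su` to the user it already is, so comparing against `$(id -un)` looks safer. The doc comment on `run-as-current-user` still says "[runtime user]" and should say "current user".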
@@ -92,6 +113,15 @@ function log-info() {
 fi
 }
+# @description Print the given message to stderr unless [ENTRYPOINT_QUIET_LOGS] is set
+# @arg $@ string A info message.
+# @stderr The info message provided with log prefix unless $ENTRYPOINT_QUIET_LOGS
+function log-info-stderr() {
+ if [ -z "${ENTRYPOINT_QUIET_LOGS:-}" ]; then
+ echo "${log_prefix}$*"
+ fi
+}
+
 # @description Loads the dot-env files used by Docker and track the keys present in the configuration.
 # @sets seen_dot_env_variables array List of config keys discovered during loading
 function load-config-files() {
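Review bot: `log-info-stderr` writes to stdout: its body is `echo "${log_prefix}$*"` with no redirection, although the function name and the `@stderr` tag both promise stderr. `run-command-as` now logs through this function, so anything that captures a wrapped command's output would still get the "Running" and "OK!" lines mixed into it. The echo should be `echo "${log_prefix}$*" >&2`.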