From eedb1ab97551e356a9a94df839cc724a452d289d Mon Sep 17 00:00:00 2001
From: Bo Lu <lv.patrick@gmail.com>
Date: Wed, 31 Aug 2022 10:57:04 +1000
Subject: [PATCH] add docker-entrypoint file to support docker file secrets

---
 Dockerfile           |  1 +
 docker-entrypoint.sh | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100755 docker-entrypoint.sh

diff --git a/Dockerfile b/Dockerfile
index 3ecc3301..1c9c6041 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,5 +13,6 @@ COPY --from=build /usr/src/app/node_modules node_modules
 COPY --from=build /usr/src/app/bin bin
 COPY package.json ./
 ENV PG_META_PORT=8080
+ENTRYPOINT ["docker-entrypoint.sh"]
 CMD ["npm", "run", "start"]
 EXPOSE 8080
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 00000000..59ff0ef3
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+# load secrets either from environment variables or files
+file_env 'PG_META_DB_PASSWORD'
+
+exec "${@}"
+