struct(entrypoint): skeleton entrypoint script

- basic operation flow with placeholder functions
- implement server and shell launch
- allow commands to pass to shell
- update Dockerfile to load entrypoint only
- update Dockerfile to set permissions for certs directory

build/Dockerfile

@@ -11,13 +11,17 @@ RUN deluser --remove-home node \
     && addgroup -g ${NODE_UID} -S node \
     && adduser -G node -S -u ${NODE_UID} node
 
+# create default volumes in-case user forgets, expose default port
+VOLUME [ "/var/watch", "/var/certs" ]
+EXPOSE 35729
+
 # add tini, timezone support and create certificate directories
 RUN apk --update --no-cache add \
     tini \
     tzdata \
-    && mkdir /certs \
     && chown node:node /certs \
-    && chmod 700 certs
+    && chmod 700 certs \
+    && chmod +r /var/watch
 
 # labels
 LABEL org.opencontainers.image.authors="Asif Bacchus <asif@asifbacchus.dev>"
@@ -27,10 +31,6 @@ LABEL org.opencontainers.image.url="https://git.asifbacchus.dev/ab-docker/livere
 LABEL org.opencontainers.image.documentation="https://git.asifbacchus.dev/ab-docker/livereload/raw/branch/master/README.md"
 LABEL org.opencontainers.image.source="https://git.asifbacchus.dev/ab-docker/livereload.git"
 
-# create default volume in-case user forgets, expose default port
-VOLUME [ "/var/watch" ]
-EXPOSE 35729
-
 # default environment variables
 ENV NODE_ENV=production
 ENV NPM_CONFIG_PREFIX=/home/node/.npm-global
@@ -49,10 +49,10 @@ RUN mkdir -p .npm-global/bin .npm-global/lib \
     && npm config set update-notifier false \
     && npm install livereload --save
 COPY [ "livereload.js", "livereload.js" ]
+COPY [ "entrypoint.sh", "/usr/local/bin/entrypoint.sh" ]
 
 # run server via tini by default
-ENTRYPOINT [ "/sbin/tini", "--" ]
+ENTRYPOINT [ "/sbin/tini", "--", "/usr/local/bin/entrypoint.sh" ]
-CMD [ "node", "livereload.js" ]
 
 # set build timestamp and version labels
 ARG BUILD_DATE

build/entrypoint.sh

@@ -0,0 +1,89 @@
+#!/bin/sh
+
+#
+# entrypoint script for livereload-tls-npm container
+#
+
+# functions
+certificateGenerateNew() {
+    printf "\nGenerating new self-signed certificate:\n"
+    printf "Exporting new certificate:\n"
+    exit 0
+}
+
+certificateShow() {
+    printf "\nCurrently loaded certificate:\n"
+    exit 0
+}
+
+certificateExport() {
+    printf "\nExporting currently loaded certificate:\n"
+    exit 0
+}
+
+# default variable values
+doCertExport=0
+doCertNew=0
+doCertShow=0
+doServer=0
+doShell=0
+
+# process action parameter
+case "$1" in
+listen | server | run | start)
+    doServer=1
+    ;;
+shell) ;;
+
+new-cert)
+    doCertNew=1
+    ;;
+show-cert)
+    doCertShow=1
+    ;;
+export-cert)
+    doCertExport=1
+    ;;
+*)
+    # invalid or unknown option
+    printf "\nUnknown action requested: %s\n" "$1"
+    printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert | export-cert"
+    exit 1
+    ;;
+esac
+
+# action: run server
+if [ "$doServer" -eq 1 ]; then
+    exec "node livereload.js"
+    exit "$?"
+fi
+
+# action: drop to shell
+if [ "$doShell" -eq 1 ]; then
+    exec /bin/sh "$@"
+    exit "$?"
+fi
+
+# action: generate new self-signed certificate
+if [ "$doCertNew" -eq 1 ]; then certificateGenerateNew; fi
+
+# action: show loaded certificate
+if [ "$doCertShow" -eq 1 ]; then certificateShow; fi
+
+# action: export loaded certificate
+if [ "$doCertExport" -eq 1 ]; then certificateExport; fi
+
+# failsafe exit - terminate with code 99: this code should never be executed!
+exit 99
+
+# exit codes:
+# 0:   normal exit, no errors
+# 1:   invalid or invalid parameter passed to script
+# 50:  certificate errors
+# 51:    unable to read certificate/chain
+# 52:    unable to read private key
+# 55:    unable to generate new certificate
+# 56:    unable to export certificate, likely write error
+# 99:  code error
+
+#EOF