add dockerfile

.dockerignore

@@ -0,0 +1,5 @@
+node_modules
+build
+config.yaml
+database.db
+steam-registration.yaml

Dockerfile

@@ -0,0 +1,36 @@
+FROM node:latest AS builder
+
+WORKDIR /opt/mx-puppet-steam
+
+# run build process as user in case of npm pre hooks
+# pre hooks are not executed while running as root
+RUN chown node:node /opt/mx-puppet-steam
+USER node
+
+COPY package.json package-lock.json ./
+RUN npm install
+
+COPY tsconfig.json ./
+COPY src/ ./src/
+RUN npm run build
+
+
+FROM node:alpine
+
+VOLUME /data
+
+ENV CONFIG_PATH=/data/config.yaml \
+    REGISTRATION_PATH=/data/steam-registration.yaml
+
+# su-exec is used by docker-run.sh to drop privileges
+RUN apk add --no-cache su-exec
+
+WORKDIR /opt/mx-puppet-steam
+COPY docker-run.sh ./
+COPY --from=builder /opt/mx-puppet-steam/node_modules/ ./node_modules/
+COPY --from=builder /opt/mx-puppet-steam/build/ ./build/
+
+# change workdir to /data so relative paths in the config.yaml
+# point to the persisten volume
+WORKDIR /data
+ENTRYPOINT ["/opt/mx-puppet-steam/docker-run.sh"]

docker-run.sh

@@ -0,0 +1,38 @@
+#!/bin/sh -e
+
+if [ ! -f "$CONFIG_PATH" ]; then
+	echo 'No config found'
+	exit 1
+fi
+
+args="$@"
+
+if [ ! -f "$REGISTRATION_PATH" ]; then
+	echo 'No registration found, generating now'
+	args="-r"
+fi
+
+
+# if no --uid is supplied, prepare files to drop privileges
+if [ "$(id -u)" = 0 ]; then
+	chown node:node /data
+
+	if find *.db > /dev/null 2>&1; then
+		# make sure sqlite files are writeable
+		chown node:node *.db
+	fi
+	if find *.log.* > /dev/null 2>&1; then
+		# make sure log files are writeable
+		chown node:node *.log.*
+	fi
+
+	su_exec='su-exec node:node'
+else
+	su_exec=''
+fi
+
+# $su_exec is used in case we have to drop the privileges
+exec $su_exec /usr/local/bin/node '/opt/mx-puppet-steam/build/index.js' \
+     -c "$CONFIG_PATH" \
+     -f "$REGISTRATION_PATH" \
+     $args