remove s3 docker, and fix ci npm release

.github/workflows/spa-client-release-npm.yml

@@ -15,7 +15,7 @@ jobs:
           registry-url: 'https://registry.npmjs.org'
           cache: 'npm'
           cache-dependency-path: './jsclient/package-lock.json'
-      - run: npm ci && npm build && npm publish
+      - run: npm ci && npm run build && npm publish
         working-directory: ./jsclient
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Makefile

@@ -17,9 +17,6 @@ ifeq ($(VERSION), )
 else
 	DOCKER_BUILDKIT=1 docker build . -t="ghcr.io/fornetcode/spa-server:$(VERSION)"
 	docker push fornetcode/spa-server:$(VERSION)
-	cd docker
-	DOCKER_BUILDKIT=1 docker build . -f S3FS.Dockerfile -t="ghcr.io/fornetcode/spa-server:$(VERSION)-s3"
-	docker push ghcr.io/fornetcode/spa-server:$(VERSION)-s3
 endif
 
 release-doc:

README.md

@@ -11,7 +11,7 @@ It is to provide a static web http server with cache and hot reload.
 - Hot reload support(Mac and Linux).
 - CORS support.
 - Http auto redirect to https.
-- Docker support(compressed size: 32M), and support S3 as storage by S3FS.
+- Docker support(compressed size: 32M)
 - Provide command line/npm package to deploy spa.
 - Multiple configs for different domain.
 

README_CN.md

@@ -10,7 +10,7 @@
 - 支持热更新(Mac and Linux)。
 - 支持 CORS 跨域
 - http/https 同时服务（http 也可返回 redirect https）。
-- 支持 Docker 镜像(压缩后大小:32M), 并通过S3FS 支持 S3 作为数据存储
+- 支持 Docker 镜像(压缩后大小:32M)
 - 提供 命令行/npm包 客户端，一行命令部署
 - 每个域名可拥有独立的配置
 

docker/S3FS.Dockerfile

@@ -4,7 +4,7 @@ ARG VERSION=2.0.0
 FROM ${BASE_IMAGE}:${VERSION} as Source
 
 
-FROM panubo/s3fs:1.87
+FROM efrecon/s3fs:1.94
 COPY --from=Source /test/config.conf /config/config.conf
 COPY --from=Source /usr/bin/spa-server /usr/bin/spa-server
 

docker/entry.sh

@@ -1,43 +1,153 @@
-#!/usr/bin/env bash
-# This is FROM S3FS
-set -e
-[ "${DEBUG:-false}" == 'true' ] && { set -x; S3FS_DEBUG='-d -d'; }
+#!/bin/sh
 
-# Defaults
-: ${AWS_S3_AUTHFILE:='/root/.s3fs'}
-: ${AWS_S3_MOUNTPOINT:='/mnt'}
-: ${AWS_S3_URL:='https://s3.amazonaws.com'}
-: ${S3FS_ARGS:=''}
+# Failsafe: Stop on errors and unset variables.
+set -eu
 
-# If no command specified, print error
-[ "$1" == "" ] && set -- "$@" bash -c 'echo "Error: Please specify a command to run."; exit 128'
+# Debug
+S3FS_DEBUG=${S3FS_DEBUG:-"0"}
 
-# Configuration checks
-if [ -z "$AWS_STORAGE_BUCKET_NAME" ]; then
-    echo "Error: AWS_STORAGE_BUCKET_NAME is not specified"
-    exit 128
+# Env file
+AWS_S3_ENVFILE=${AWS_S3_ENVFILE:-""}
+
+_verbose() {
+  if [ "$S3FS_DEBUG" = "1" ]; then
+    printf %s\\n "$1" >&2
+  fi
+}
+
+_error() {
+  printf %s\\n "$1" >&2
+  exit 1
+}
+
+# Read the content of the environment file, i.e. a file used to set the value of
+# all/some variables.
+if [ -n "$AWS_S3_ENVFILE" ]; then
+    # Read and export lines that set variables in all-caps and starting with
+    # S3FS_ or AWS_ from the configuration file. This is a security measure to
+    # crudly protect against evaluating some evil code (but it will still
+    # evaluate code as part of the value, so use it with care!)
+    _verbose "Reading configuration from $AWS_S3_ENVFILE"
+    while IFS= read -r line; do
+        eval export "$line"
+    done <<EOF
+$(grep -E '^(S3FS|AWS_S3)_[A-Z_]+=' "$AWS_S3_ENVFILE")
+EOF
+fi
+
+# S3 main URL
+AWS_S3_URL=${AWS_S3_URL:-"https://s3.amazonaws.com"}
+
+# Root directory for settings and bucket.
+AWS_S3_ROOTDIR=${AWS_S3_ROOTDIR:-"/opt/s3fs"}
+
+# Where are we going to mount the remote bucket resource in our container.
+AWS_S3_MOUNT=${AWS_S3_MOUNT:-"${AWS_S3_ROOTDIR%/}/bucket"}
+
+# Authorisation details
+AWS_S3_ACCESS_KEY_ID=${AWS_S3_ACCESS_KEY_ID:-""}
+AWS_S3_ACCESS_KEY_ID_FILE=${AWS_S3_ACCESS_KEY_ID_FILE:-""}
+AWS_S3_SECRET_ACCESS_KEY=${AWS_S3_SECRET_ACCESS_KEY:-""}
+AWS_S3_SECRET_ACCESS_KEY_FILE=${AWS_S3_SECRET_ACCESS_KEY_FILE:-""}
+AWS_S3_AUTHFILE=${AWS_S3_AUTHFILE:-""}
+
+# Check variables and defaults
+if [ -z "$AWS_S3_ACCESS_KEY_ID" ] && \
+    [ -z "$AWS_S3_ACCESS_KEY_ID_FILE" ] && \
+    [ -z "$AWS_S3_SECRET_ACCESS_KEY" ] && \
+    [ -z "$AWS_S3_SECRET_ACCESS_KEY_FILE" ] && \
+    [ -z "$AWS_S3_AUTHFILE" ]; then
+    _error "You need to provide some credentials!!"
+fi
+if [ -z "${AWS_S3_BUCKET}" ]; then
+    _error "No bucket name provided!"
+fi
+
+# Read AWS S3 Access Key ID from file
+if [ -n "${AWS_S3_ACCESS_KEY_ID_FILE}" ]; then
+    # shellcheck disable=SC2229   # We WANT to read the content of the file pointed by the variable!
+    read -r AWS_S3_ACCESS_KEY_ID < "${AWS_S3_ACCESS_KEY_ID_FILE}"
+fi
+
+# Read AWS S3 Secret Access Key from file
+if [ -n "${AWS_S3_SECRET_ACCESS_KEY_FILE}" ]; then
+    # shellcheck disable=SC2229   # We WANT to read the content of the file pointed by the variable!
+    read -r AWS_S3_SECRET_ACCESS_KEY < "${AWS_S3_SECRET_ACCESS_KEY_FILE}"
+fi
+
+# Create or use authorisation file
+if [ -z "${AWS_S3_AUTHFILE}" ]; then
+    AWS_S3_AUTHFILE=${AWS_S3_ROOTDIR%/}/passwd-s3fs
+    echo "${AWS_S3_ACCESS_KEY_ID}:${AWS_S3_SECRET_ACCESS_KEY}" > "${AWS_S3_AUTHFILE}"
+    chmod 600 "${AWS_S3_AUTHFILE}"
+fi
+
+# Forget about the secret once done (this will have proper effects when the
+# PASSWORD_FILE-version of the setting is used)
+if [ -n "${AWS_S3_ACCESS_KEY_ID}" ]; then
+    unset AWS_S3_ACCESS_KEY_ID
+fi
+
+# Forget about the secret once done (this will have proper effects when the
+# PASSWORD_FILE-version of the setting is used)
+if [ -n "${AWS_S3_SECRET_ACCESS_KEY}" ]; then
+    unset AWS_S3_SECRET_ACCESS_KEY
+fi
+
+# Create destination directory if it does not exist.
+if [ ! -d "$AWS_S3_MOUNT" ]; then
+    mkdir -p "$AWS_S3_MOUNT"
+fi
+
+# Add a group, default to naming it after the GID when not found
+GROUP_NAME=$(getent group "$GID" | cut -d":" -f1)
+if [ "$GID" -gt 0 ] && [ -z "$GROUP_NAME" ]; then
+    _verbose "Add group $GID"
+    addgroup -g "$GID" -S "$GID"
+    GROUP_NAME=$GID
 fi
 
-if [ ! -f "${AWS_S3_AUTHFILE}" ] && [ -z "$AWS_ACCESS_KEY_ID" ]; then
-    echo "Error: AWS_ACCESS_KEY_ID not specified, or ${AWS_S3_AUTHFILE} not provided"
-    exit 128
+# Add a user, default to naming it after the UID.
+RUN_AS=${RUN_AS:-""}
+if [ "$UID" -gt 0 ]; then
+    USER_NAME=$(getent passwd "$UID" | cut -d":" -f1)
+    if [ -z "$USER_NAME" ]; then
+        _verbose "Add user $UID, turning on rootless-mode"
+        adduser -u "$UID" -D -G "$GROUP_NAME" "$UID"
+    else
+        _verbose "Running as user $UID, turning on rootless-mode"
+    fi
+    RUN_AS=$UID
+    chown "${UID}:${GID}" "$AWS_S3_MOUNT" "${AWS_S3_AUTHFILE}" "$AWS_S3_ROOTDIR"
 fi
 
-if [ ! -f "${AWS_S3_AUTHFILE}" ] && [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
-    echo "Error: AWS_SECRET_ACCESS_KEY not specified, or ${AWS_S3_AUTHFILE} not provided"
-    exit 128
+# Debug options
+DEBUG_OPTS=
+if [ "$S3FS_DEBUG" = "1" ]; then
+    DEBUG_OPTS="-d -d"
 fi
 
-# Write auth file if it does not exist
-if [ ! -f "${AWS_S3_AUTHFILE}" ]; then
-   echo "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}" > ${AWS_S3_AUTHFILE}
-   chmod 400 ${AWS_S3_AUTHFILE}
+# Additional S3FS options
+if [ -n "$S3FS_ARGS" ]; then
+    S3FS_ARGS="-o $S3FS_ARGS"
 fi
 
-echo "==> Mounting S3 Filesystem"
-mkdir -p ${AWS_S3_MOUNTPOINT}
+# Mount as the requested used.
+_verbose "Mounting bucket ${AWS_S3_BUCKET} onto ${AWS_S3_MOUNT}, owner: $UID:$GID"
+su - $RUN_AS -c "s3fs $DEBUG_OPTS ${S3FS_ARGS} \
+    -o passwd_file=${AWS_S3_AUTHFILE} \
+    -o "url=${AWS_S3_URL}" \
+    -o uid=$UID \
+    -o gid=$GID \
+    ${AWS_S3_BUCKET} ${AWS_S3_MOUNT}"
 
-# s3fs mount command
-s3fs $S3FS_DEBUG $S3FS_ARGS -o passwd_file=${AWS_S3_AUTHFILE} -o url=${AWS_S3_URL} ${AWS_STORAGE_BUCKET_NAME} ${AWS_S3_MOUNTPOINT}
+# s3fs can claim to have a mount even though it didn't succeed. Doing an
+# operation actually forces it to detect that and remove the mount.
+su - $RUN_AS -c "stat ${AWS_S3_MOUNT}"
 
-exec /spa-server
+if healthcheck.sh; then
+    echo "Mounted bucket ${AWS_S3_BUCKET} onto ${AWS_S3_MOUNT}"
+    exec /spa-server "$@"
+else
+    _error "Mount failure"
+fi

docs/guide/spa-server-release-package.md

@@ -2,9 +2,6 @@
 ## Docker Image
 The docker image is distributed at `Github Packages` as `ghcr.io/fornetcode/spa-server`.
 
-### AWS S3 Support
-We support S3 storage by docker `panubo/docker-s3fs`, and release as `ghcr.io/fornetcode/spa-server:${version}-s3`, all configure about S3fs fuse can be found [here](https://github.com/panubo/docker-s3fs).
-
 ## From Code
 There no plan to release binary package. You can `git clone` the code and build yourself.