From ec38d0b1c22f77b8b41cf24bd66ea55d8fe5f9c9 Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Mon, 13 Apr 2026 16:17:13 +0200 Subject: [PATCH] feat: merge bootstrap into cameleer-logto image Adds logto-entrypoint.sh that seeds DB, starts Logto, waits for health, runs bootstrap, then keeps Logto running. Eliminates the separate logto-bootstrap init container. --- docker/cameleer-logto/logto-entrypoint.sh | 41 +++++++++++++++++++++++ docker/logto-bootstrap.sh | 10 ++++-- ui/sign-in/Dockerfile | 20 +++++++++-- 3 files changed, 67 insertions(+), 4 deletions(-) create mode 100644 docker/cameleer-logto/logto-entrypoint.sh diff --git a/docker/cameleer-logto/logto-entrypoint.sh b/docker/cameleer-logto/logto-entrypoint.sh new file mode 100644 index 0000000..24a1589 --- /dev/null +++ b/docker/cameleer-logto/logto-entrypoint.sh @@ -0,0 +1,41 @@ +#!/bin/sh +set -e + +echo "[entrypoint] Seeding Logto database..." +npm run cli db seed -- --swe 2>/dev/null || true + +echo "[entrypoint] Starting Logto..." +npm start & +LOGTO_PID=$! + +echo "[entrypoint] Waiting for Logto to be ready..." +for i in $(seq 1 120); do + if node -e "require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))" 2>/dev/null; then + echo "[entrypoint] Logto is ready." + break + fi + if [ "$i" -eq 120 ]; then + echo "[entrypoint] ERROR: Logto not ready after 120s" + exit 1 + fi + sleep 1 +done + +# Run bootstrap if not already done +BOOTSTRAP_FILE="/data/logto-bootstrap.json" +if [ -f "$BOOTSTRAP_FILE" ]; then + CACHED_SECRET=$(jq -r '.m2mClientSecret // empty' "$BOOTSTRAP_FILE" 2>/dev/null) + CACHED_SPA=$(jq -r '.spaClientId // empty' "$BOOTSTRAP_FILE" 2>/dev/null) + if [ -n "$CACHED_SECRET" ] && [ -n "$CACHED_SPA" ]; then + echo "[entrypoint] Bootstrap already complete." + else + echo "[entrypoint] Incomplete bootstrap found, re-running..." + /scripts/logto-bootstrap.sh + fi +else + echo "[entrypoint] Running bootstrap..." + /scripts/logto-bootstrap.sh +fi + +echo "[entrypoint] Logto is running (PID $LOGTO_PID)." +wait $LOGTO_PID diff --git a/docker/logto-bootstrap.sh b/docker/logto-bootstrap.sh index e82e43d..97891db 100644 --- a/docker/logto-bootstrap.sh +++ b/docker/logto-bootstrap.sh @@ -47,8 +47,14 @@ TRAD_POST_LOGOUT_URIS="[\"${PROTO}://${HOST}\",\"${PROTO}://${HOST}/server\",\"$ log() { echo "[bootstrap] $1"; } pgpass() { PGPASSWORD="${PG_PASSWORD:-cameleer_dev}"; export PGPASSWORD; } -# Install jq + curl -apk add --no-cache jq curl >/dev/null 2>&1 +# Install jq + curl if not already available (deps are baked into cameleer-logto image) +if ! command -v jq >/dev/null 2>&1 || ! command -v curl >/dev/null 2>&1; then + if command -v apk >/dev/null 2>&1; then + apk add --no-cache jq curl >/dev/null 2>&1 + elif command -v apt-get >/dev/null 2>&1; then + apt-get update -qq && apt-get install -y -qq jq curl >/dev/null 2>&1 + fi +fi # Read cached secrets from previous run if [ -f "$BOOTSTRAP_FILE" ]; then diff --git a/ui/sign-in/Dockerfile b/ui/sign-in/Dockerfile index 60acef8..cda694e 100644 --- a/ui/sign-in/Dockerfile +++ b/ui/sign-in/Dockerfile @@ -1,12 +1,28 @@ # syntax=docker/dockerfile:1 +# Stage 1: Build custom sign-in UI FROM --platform=$BUILDPLATFORM node:22-alpine AS build ARG REGISTRY_TOKEN WORKDIR /ui -COPY package.json package-lock.json .npmrc ./ +COPY ui/sign-in/package.json ui/sign-in/package-lock.json ui/sign-in/.npmrc ./ RUN --mount=type=cache,target=/root/.npm echo "//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}" >> .npmrc && npm ci -COPY . . +COPY ui/sign-in/ . RUN npm run build +# Stage 2: Logto with sign-in UI + bootstrap FROM ghcr.io/logto-io/logto:latest + +# Install bootstrap dependencies (curl, jq for API calls; postgresql-client for DB reads) +RUN apt-get update && apt-get install -y --no-install-recommends \ + curl jq postgresql-client \ + && rm -rf /var/lib/apt/lists/* + +# Custom sign-in UI COPY --from=build /ui/dist/ /etc/logto/packages/experience/dist/ + +# Bootstrap scripts +COPY docker/logto-bootstrap.sh /scripts/logto-bootstrap.sh +COPY docker/cameleer-logto/logto-entrypoint.sh /scripts/entrypoint.sh +RUN chmod +x /scripts/*.sh + +ENTRYPOINT ["/scripts/entrypoint.sh"]