From 747c62374dc75ece845b6df69687b803692f348e Mon Sep 17 00:00:00 2001
From: Matt Blewitt <118200221+mble-sfdc@users.noreply.github.com>
Date: Wed, 15 May 2024 15:05:02 +0100
Subject: [PATCH] exit on heroku-24, add error messaging

---
 Dockerfile        | 2 ++
 bin/compile       | 8 ++++++++
 bin/start-stunnel | 8 ++++++++
 3 files changed, 18 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 5632d0c..7571fba 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,7 @@ FROM $BUILD_IMAGE AS builder
 ARG STACK
 
 # Emulate the platform where root access is not available
+USER root
 RUN useradd -d /app non-root-user
 RUN mkdir -p /app /cache /env
 RUN chown non-root-user /app /cache /env
@@ -20,6 +21,7 @@ RUN env -i PATH=$PATH HOME=$HOME STACK=$STACK /buildpack/bin/compile /app /cache
 
 
 FROM $RUNTIME_IMAGE
+USER root
 RUN useradd -d /app non-root-user
 USER non-root-user
 COPY --from=builder --chown=non-root-user /app /app
diff --git a/bin/compile b/bin/compile
index 6119d12..f337532 100755
--- a/bin/compile
+++ b/bin/compile
@@ -13,6 +13,14 @@ unset GIT_DIR
 BUILD_DIR=$1
 BUILDPACK_DIR="$(dirname $(dirname $0))"
 
+STUNNEL=$(command -v stunnel4)
+
+if [ -z $STUNNEL ]; then
+    echo "------> stunnel not detected! stunnel not supported on heroku-24+"
+    echo "------> this buildpack is not required for Redis 6+: https://devcenter.heroku.com/articles/heroku-redis#security-and-compliance"
+    exit 1
+fi
+
 echo "-----> Moving the configuration generation script into app/bin"
 mkdir -p $BUILD_DIR/bin
 cp "$BUILDPACK_DIR/bin/stunnel-conf.sh" $BUILD_DIR/bin/stunnel-conf.sh
diff --git a/bin/start-stunnel b/bin/start-stunnel
index 3310f7f..3daf664 100755
--- a/bin/start-stunnel
+++ b/bin/start-stunnel
@@ -1,6 +1,14 @@
 #!/usr/bin/env bash
 
 main() {
+  STUNNEL=$(command -v stunnel4)
+
+  if [ -z $STUNNEL ]; then
+      echo "buildpack=stunnel at=error stunnel not detected! stunnel not supported on heroku-24+"
+      echo "buildpack=stunnel at=error this buildpack is not required for Redis 6+: https://devcenter.heroku.com/articles/heroku-redis#security-and-compliance"
+      exit 1
+  fi
+
   if ! is-enabled "${STUNNEL_ENABLED:-1}"; then
     at stunnel-disabled
     exec "$@"