Fix to permissions in docker container

pSpitzner · Nov 7, 2024 · 84e85dd · 84e85dd
1 parent f62b53e
commit 84e85dd
Show file tree

Hide file tree

Showing 8 changed files with 46 additions and 37 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -29,4 +29,4 @@
 
 !README.md
 !LICENSE
-!entrypoint.sh
+!entrypoint*.sh
diff --git a/.github/workflows/docker_hub.yml b/.github/workflows/docker_hub.yml
@@ -1,10 +1,12 @@
-name: ci
+name: docker-hub
 
 on:
     push:
         tags:
             - "v*.*.*"
             - "test-*"
+    workflow_dispatch:
+
 jobs:
     docker:
         runs-on: ubuntu-latest

diff --git a/Dockerfile b/Dockerfile
@@ -2,11 +2,8 @@ FROM python:3.11-alpine AS base
 
 FROM base AS deps
 
-ARG USER_ID
-ARG GROUP_ID
-ENV USER_ID=$USER_ID
-ENV GROUP_ID=$GROUP_ID
-RUN addgroup -g $GROUP_ID beetle && adduser -D -u $USER_ID -G beetle beetle
+RUN addgroup -g 1000 beetle && \ 
+    adduser -D -u 1000 -G beetle beetle
 
 # map beets directory and our configs to /config
 RUN mkdir -p /config/beets
@@ -31,7 +28,8 @@ RUN --mount=type=cache,target=/var/cache/apk \
     bash \
     keyfinder-cli \
     npm \
-    tmux
+    tmux \ 
+    shadow 
 
 # Install our package (backend)
 COPY ./backend /repo/backend
@@ -53,7 +51,7 @@ ENV IB_SERVER_CONFIG="dev_docker"
 
 # relies on mounting this volume
 WORKDIR /repo
-USER beetle
+USER root
 ENTRYPOINT ["./entrypoint_dev.sh"]
 
 # ------------------------------------------------------------------------------------ #
@@ -66,7 +64,7 @@ WORKDIR /repo
 COPY --from=deps --chown=beetle:beetle /repo /repo
 COPY entrypoint_test.sh .
 ENV IB_SERVER_CONFIG="test"
-USER beetle
+USER root
 ENTRYPOINT ["./entrypoint_test.sh"]
 
 # ------------------------------------------------------------------------------------ #
@@ -97,7 +95,8 @@ WORKDIR /repo
 COPY --from=deps /repo /repo
 COPY --from=build /repo/frontend/dist /repo/frontend/dist
 COPY entrypoint.sh .
+COPY entrypoint_fix_permissions.sh .
 RUN chown -R beetle:beetle /repo
 
-USER beetle
-ENTRYPOINT ["./entrypoint.sh"]
+USER root
+ENTRYPOINT ["/bin/sh", "-c", "./entrypoint_fix_permissions.sh && su beetle -c ./entrypoint.sh"]
diff --git a/docker-compose-dev.yaml b/docker-compose-dev.yaml
@@ -6,16 +6,15 @@ services:
             context: .
             dockerfile: Dockerfile
             target: dev
-            args:
-                # 502 is default on macos, 1000 on linux
-                USER_ID: 1000
-                GROUP_ID: 1000
         image: beets-flask
         restart: unless-stopped
         ports:
             - "5001:5001" # production and backend
             - "5173:5173" # for vite dev server
         environment:
+            # 502 is default on macos, 1000 on linux
+            USER_ID: 1000
+            GROUP_ID: 1000
             LOG_LEVEL_BEETSFLASK: DEBUG # this is used for our own logs. (set beets level via the config)
             LOG_LEVEL_OTHERS: WARNING # this is passed python logging basic config (all other modules)
         volumes:

diff --git a/docker-compose-tests.yaml b/docker-compose-tests.yaml
@@ -1,18 +1,18 @@
 services:
-  beets-flask-tests:
-    container_name: beets-flask-tests
-    hostname: beets-container
-    build:
-      context: .
-      dockerfile: Dockerfile
-      target: test
-      args:
-        # 502 is default on macos, 1000 on linux
-        USER_ID: 502
-        GROUP_ID: 502
-    image: beets-flask-tests
-    ports:
-      - "5001:5001"
-      - "5173:5173"
-    volumes:
-      - ./:/repo/
+    beets-flask-tests:
+        container_name: beets-flask-tests
+        hostname: beets-container
+        build:
+            context: .
+            dockerfile: Dockerfile
+            target: test
+        image: beets-flask-tests
+        ports:
+            - "5001:5001"
+            - "5173:5173"
+        environment:
+            # 502 is default on macos, 1000 on linux
+            USER_ID: 502
+            GROUP_ID: 502
+        volumes:
+            - ./:/repo/
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -6,15 +6,14 @@ services:
             context: .
             dockerfile: Dockerfile
             target: prod
-            args:
-                # 502 is default on macos, 1000 on linux
-                USER_ID: 1000
-                GROUP_ID: 1000
         image: beets-flask
         restart: unless-stopped
         ports:
             - "5001:5001" # production and backend
         environment:
+            # 502 is default on macos, 1000 on linux
+            USER_ID: 1000
+            GROUP_ID: 1000
             LOG_LEVEL_BEETSFLASK: INFO # this is used for our own logs. (set beets level via the config)
             LOG_LEVEL_OTHERS: WARNING # this is passed python logging basic config (all other modules)
         volumes:

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+
 echo "Running as"
 id
 

diff --git a/entrypoint_fix_permissions.sh b/entrypoint_fix_permissions.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ ! -z "$USER_ID" ] && [ ! -z "$GROUP_ID" ]; then
+    echo "Updating UID to $USER_ID and GID to $GROUP_ID"
+    groupmod -g $GROUP_ID beetle
+    usermod -u $USER_ID -g $GROUP_ID beetle
+    chown -R beetle:beetle /home/beetle
+    chown -R beetle:beetle /repo
+fi