From 84e85dd756b84cb45b1a953e85100792032fb971 Mon Sep 17 00:00:00 2001 From: Sebastian Mohr Date: Thu, 7 Nov 2024 18:39:39 +0100 Subject: [PATCH] Fix to permissions in docker container --- .dockerignore | 2 +- .github/workflows/docker_hub.yml | 4 +++- Dockerfile | 19 +++++++++--------- docker-compose-dev.yaml | 7 +++---- docker-compose-tests.yaml | 34 ++++++++++++++++---------------- docker-compose.yaml | 7 +++---- entrypoint.sh | 1 + entrypoint_fix_permissions.sh | 9 +++++++++ 8 files changed, 46 insertions(+), 37 deletions(-) create mode 100755 entrypoint_fix_permissions.sh diff --git a/.dockerignore b/.dockerignore index 07e1f7d..6b598aa 100644 --- a/.dockerignore +++ b/.dockerignore @@ -29,4 +29,4 @@ !README.md !LICENSE -!entrypoint.sh +!entrypoint*.sh diff --git a/.github/workflows/docker_hub.yml b/.github/workflows/docker_hub.yml index 9518f17..5b0bd56 100644 --- a/.github/workflows/docker_hub.yml +++ b/.github/workflows/docker_hub.yml @@ -1,10 +1,12 @@ -name: ci +name: docker-hub on: push: tags: - "v*.*.*" - "test-*" + workflow_dispatch: + jobs: docker: runs-on: ubuntu-latest diff --git a/Dockerfile b/Dockerfile index 6118d07..87883d4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,11 +2,8 @@ FROM python:3.11-alpine AS base FROM base AS deps -ARG USER_ID -ARG GROUP_ID -ENV USER_ID=$USER_ID -ENV GROUP_ID=$GROUP_ID -RUN addgroup -g $GROUP_ID beetle && adduser -D -u $USER_ID -G beetle beetle +RUN addgroup -g 1000 beetle && \ + adduser -D -u 1000 -G beetle beetle # map beets directory and our configs to /config RUN mkdir -p /config/beets @@ -31,7 +28,8 @@ RUN --mount=type=cache,target=/var/cache/apk \ bash \ keyfinder-cli \ npm \ - tmux + tmux \ + shadow # Install our package (backend) COPY ./backend /repo/backend @@ -53,7 +51,7 @@ ENV IB_SERVER_CONFIG="dev_docker" # relies on mounting this volume WORKDIR /repo -USER beetle +USER root ENTRYPOINT ["./entrypoint_dev.sh"] # ------------------------------------------------------------------------------------ # 
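Review bot: The dev stage's `USER root` (Dockerfile hunk `@@ -53,7 +51,7 @@`) and the same switch in the test stage (`@@ -66,7 +64,7 @@`) leave `ENTRYPOINT ["./entrypoint_dev.sh"]` and `ENTRYPOINT ["./entrypoint_test.sh"]` starting as root, and neither script appears in this commit's diffstat, so nothing visible here drops back to `beetle`. Only the prod stage calls `entrypoint_fix_permissions.sh` and `su beetle`, so the `USER_ID`/`GROUP_ID` values that the dev and tests compose files now pass as environment look unused for those targets unless the unchanged scripts already handle them. With `./:/repo/` bind-mounted in the tests compose file, a root process would also leave root-owned files in the host checkout. I would either keep `USER beetle` in these two stages or route them through the same fix-permissions wrapper as prod, and add a comment such as `# root only until the entrypoint has remapped beetle's UID/GID` above each `USER root`.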
@@ -66,7 +64,7 @@ WORKDIR /repo COPY --from=deps --chown=beetle:beetle /repo /repo COPY entrypoint_test.sh . ENV IB_SERVER_CONFIG="test" -USER beetle +USER root ENTRYPOINT ["./entrypoint_test.sh"] # ------------------------------------------------------------------------------------ # @@ -97,7 +95,8 @@ WORKDIR /repo COPY --from=deps /repo /repo COPY --from=build /repo/frontend/dist /repo/frontend/dist COPY entrypoint.sh . +COPY entrypoint_fix_permissions.sh . RUN chown -R beetle:beetle /repo -USER beetle -ENTRYPOINT ["./entrypoint.sh"] +USER root +ENTRYPOINT ["/bin/sh", "-c", "./entrypoint_fix_permissions.sh && su beetle -c ./entrypoint.sh"] diff --git a/docker-compose-dev.yaml b/docker-compose-dev.yaml index 1ec7a40..db0d408 100644 --- a/docker-compose-dev.yaml +++ b/docker-compose-dev.yaml @@ -6,16 +6,15 @@ services: context: . dockerfile: Dockerfile target: dev - args: - # 502 is default on macos, 1000 on linux - USER_ID: 1000 - GROUP_ID: 1000 image: beets-flask restart: unless-stopped ports: - "5001:5001" # production and backend - "5173:5173" # for vite dev server environment: + # 502 is default on macos, 1000 on linux + USER_ID: 1000 + GROUP_ID: 1000 LOG_LEVEL_BEETSFLASK: DEBUG # this is used for our own logs. (set beets level via the config) LOG_LEVEL_OTHERS: WARNING # this is passed python logging basic config (all other modules) volumes: diff --git a/docker-compose-tests.yaml b/docker-compose-tests.yaml index 87214de..765ede0 100644 --- a/docker-compose-tests.yaml +++ b/docker-compose-tests.yaml 
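Review bot: The prod `ENTRYPOINT` in hunk `@@ -97,7 +95,8 @@` never hands PID 1 over to the application: as written, `/bin/sh` starts as root and runs `su` and then `entrypoint.sh` beneath it, so the SIGTERM from `docker stop` is delivered to a wrapper rather than the server and a root-owned parent may stay alive for the container's lifetime. Adding `exec` at the handoff, `"./entrypoint_fix_permissions.sh && exec su beetle -c 'exec ./entrypoint.sh'"`, lets the final process replace the wrappers; whether `su` itself forks depends on the implementation present in the image, so Alpine's `su-exec` package would be the more predictable way to drop privileges. Because the command is a single `sh -c` string, arguments supplied through `CMD` or `docker run` are not forwarded to `entrypoint.sh`. The build-time `RUN chown -R beetle:beetle /repo` just above is now repeated by the script at every start when the IDs are set, which deserves a short comment explaining why both are kept.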
@@ -1,18 +1,18 @@ services: - beets-flask-tests: - container_name: beets-flask-tests - hostname: beets-container - build: - context: . - dockerfile: Dockerfile - target: test - args: - # 502 is default on macos, 1000 on linux - USER_ID: 502 - GROUP_ID: 502 - image: beets-flask-tests - ports: - - "5001:5001" - - "5173:5173" - volumes: - - ./:/repo/ + beets-flask-tests: + container_name: beets-flask-tests + hostname: beets-container + build: + context: . + dockerfile: Dockerfile + target: test + image: beets-flask-tests + ports: + - "5001:5001" + - "5173:5173" + environment: + # 502 is default on macos, 1000 on linux + USER_ID: 502 + GROUP_ID: 502 + volumes: + - ./:/repo/ diff --git a/docker-compose.yaml b/docker-compose.yaml index 3780d27..35ec235 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -6,15 +6,14 @@ services: context: . dockerfile: Dockerfile target: prod - args: - # 502 is default on macos, 1000 on linux - USER_ID: 1000 - GROUP_ID: 1000 image: beets-flask restart: unless-stopped ports: - "5001:5001" # production and backend environment: + # 502 is default on macos, 1000 on linux + USER_ID: 1000 + GROUP_ID: 1000 LOG_LEVEL_BEETSFLASK: INFO # this is used for our own logs. (set beets level via the config) LOG_LEVEL_OTHERS: WARNING # this is passed python logging basic config (all other modules) volumes: diff --git a/entrypoint.sh b/entrypoint.sh index 54cc195..e85a2d1 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,4 +1,5 @@ #!/bin/sh + echo "Running as" id diff --git a/entrypoint_fix_permissions.sh b/entrypoint_fix_permissions.sh new file mode 100755 index 0000000..5e0fdf6 --- /dev/null +++ b/entrypoint_fix_permissions.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +if [ ! -z "$USER_ID" ] && [ ! -z "$GROUP_ID" ]; then + echo "Updating UID to $USER_ID and GID to $GROUP_ID" + groupmod -g $GROUP_ID beetle + usermod -u $USER_ID -g $GROUP_ID beetle + chown -R beetle:beetle /home/beetle + chown -R beetle:beetle /repo +fi \ No newline at end of file
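Review bot: In the new `entrypoint_fix_permissions.sh`, `$USER_ID` and `$GROUP_ID` come straight from the container environment and are passed unquoted and unvalidated to `groupmod`/`usermod` while running as root. A value of `0` would make `beetle` root-equivalent, so the later `su beetle` would drop nothing, and a value containing spaces or a leading `-` would be split into extra arguments. The script also has no `set -e`, so if `groupmod` fails (for example because the GID is already taken) it still runs both `chown -R` calls, and the `&&` in the Dockerfile `ENTRYPOINT` only sees the status of the last `chown`. I would fail closed on anything that is not a non-zero decimal number and quote the expansions, as sketched below; the file should also end with a newline.

```shell
#!/bin/sh
set -eu

if [ -n "${USER_ID:-}" ] && [ -n "${GROUP_ID:-}" ]; then
    # Accept only plain decimal, non-zero IDs: 0 would make beetle root-equivalent.
    for id in "$USER_ID" "$GROUP_ID"; do
        case "$id" in
            ''|*[!0-9]*) echo "USER_ID/GROUP_ID must be numeric" >&2; exit 1 ;;
        esac
        [ "$id" -ne 0 ] || { echo "USER_ID/GROUP_ID must not be 0" >&2; exit 1; }
    done
    # … unchanged: echo of the new UID/GID …
    groupmod -g "$GROUP_ID" beetle
    usermod -u "$USER_ID" -g "$GROUP_ID" beetle
    # … unchanged: chown -R of /home/beetle and /repo …
fi
```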