[Docker] Default to running as root

Previous setups will already contain folders created as root. Making a different user the default will break these setups. So just make it opt-in instead.
2024-01-15 08:59:56 +00:00 · 2024-01-15 08:59:56 +00:00 · 7826b72835
commit 7826b72835
parent f8d54b65bb
5 changed files with 10 additions and 6 deletions
--- a/.devcontainer/docker-compose.extend.yml
+++ b/.devcontainer/docker-compose.extend.yml
@ -5,6 +5,7 @@ services:
  # https://github.com/microsoft/vscode-remote-release/issues/8734
  dev-container:
    image: e621
+    user: ${DOCKER_USER:-root}
    environment:
      RAILS_ENV: development
    volumes:
--- a/.env.sample
+++ b/.env.sample
@ -38,12 +38,13 @@
 #

 #
-# When using the Dev Container in Linux, you must set these variables to avoid file permission errors.
-# If not set the container will default to the root user and modified files will only be accesible to
-# root on your host as well. Use `id -u` to print the UID and `id -g` for the GID.
+# When wanting to run as the non-root user, you must set these variables to
+# avoid file permission errors. If not set the container will default
+# to the root user. Use `id -u` to print the UID and `id -g` for the GID.
 #
 # HOST_UID=
 # HOST_GID=
+# DOCKER_USER=e621ng

 # discord: Starts the discord integration to join users to a discord server.
 #          The application must have its OAuth2 redirect URI set to ${JOINER_BASE_URL}/callback.
--- a/.github/prepare-docker-image/action.yml
+++ b/.github/prepare-docker-image/action.yml
@ -15,5 +15,5 @@ runs:
        tags: e621

    - name: Set docker run command
-      run: echo "DOCKER_RUN=docker-compose run --user 0:0 -e CI=true" >> "$GITHUB_ENV"
+      run: echo "DOCKER_RUN=docker-compose run -e CI=true" >> "$GITHUB_ENV"
      shell: bash
--- a/5
+++ b/5
@ -32,6 +32,8 @@ COPY --from=node-builder /usr/local/share /usr/local/share
 COPY --from=node-builder /usr/local/lib /usr/local/lib
 COPY --from=node-builder /usr/local/include /usr/local/include
 COPY --from=node-builder /usr/local/bin /usr/local/bin
+# Copy yarn to both root and the user created below to support running as both
+COPY --from=node-builder /root/.cache/node /root/.cache/node
 COPY --from=node-builder /root/.cache/node /home/e621ng/.cache/node

 # Copy gems and js packages
@ -45,9 +47,8 @@ RUN addgroup --gid ${HOST_GID} e621ng && \
  adduser -S --shell /bin/sh --uid ${HOST_UID} e621ng && \
  addgroup e621ng wheel && \
  echo "e621ng ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
-USER e621ng

-# Ignore warnings from git about .git permission differences
+# Ignore warnings from git about .git permission differences when running as root
 RUN git config --global --add safe.directory $(pwd)

 CMD ["foreman", "start"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -35,6 +35,7 @@ services:
      args:
        HOST_UID: ${HOST_UID:-1000}
        HOST_GID: ${HOST_GID:-1000}
+    user: ${DOCKER_USER:-root}
    image: e621
    volumes:
      - .:/app