From 7826b72835642783b80ca3094df6880fc7f48d23 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Mon, 15 Jan 2024 08:59:56 +0000 Subject: [PATCH] [Docker] Default to running as root Previous setups will already contain folders created as root. Making a different user the default will break these setups. So just make it opt-in instead. --- .devcontainer/docker-compose.extend.yml | 1 + .env.sample | 7 ++++--- .github/prepare-docker-image/action.yml | 2 +- Dockerfile | 5 +++-- docker-compose.yml | 1 + 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.devcontainer/docker-compose.extend.yml b/.devcontainer/docker-compose.extend.yml index 71d6a0a1a..ca97f1964 100644 --- a/.devcontainer/docker-compose.extend.yml +++ b/.devcontainer/docker-compose.extend.yml @@ -5,6 +5,7 @@ services: # https://github.com/microsoft/vscode-remote-release/issues/8734 dev-container: image: e621 + user: ${DOCKER_USER:-root} environment: RAILS_ENV: development volumes: diff --git a/.env.sample b/.env.sample index 56c88355f..8f6c37db4 100644 --- a/.env.sample +++ b/.env.sample @@ -38,12 +38,13 @@ # # -# When using the Dev Container in Linux, you must set these variables to avoid file permission errors. -# If not set the container will default to the root user and modified files will only be accesible to -# root on your host as well. Use `id -u` to print the UID and `id -g` for the GID. +# When wanting to run as the non-root user, you must set these variables to +# avoid file permission errors. If not set the container will default +# to the root user. Use `id -u` to print the UID and `id -g` for the GID. # # HOST_UID= # HOST_GID= +# DOCKER_USER=e621ng # discord: Starts the discord integration to join users to a discord server. # The application must have its OAuth2 redirect URI set to ${JOINER_BASE_URL}/callback. diff --git a/.github/prepare-docker-image/action.yml b/.github/prepare-docker-image/action.yml index f6e478fe8..cdd7bf3e1 100644 
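Review bot: The added `user: ${DOCKER_USER:-root}` falls back to root silently, and nothing next to the key says so or says how to opt out. The same line is added in the docker-compose.yml hunk, where the service bind-mounts the checkout (`.:/app`), so by default every process in the container acts as uid 0 on the working tree. Since the fallback is deliberate for existing setups, I would document it above the key in both files, e.g. `# Falls back to root so existing root-owned folders keep working; set DOCKER_USER=e621ng (with HOST_UID/HOST_GID) in .env to run as the non-root user.`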
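Review bot: The rewritten comment in .env.sample no longer says what running as root costs. The removed text warned that files modified in the container end up accessible only to root on the host, and on a Linux host with the bind mount that presumably still holds now that root is the default. I would keep that sentence, e.g. `# If not set the container runs as root and files it creates are owned by root on your host.` HOST_UID and HOST_GID appear to be build args (see the `args:` context in the docker-compose.yml hunk), so it is also worth stating that the image must be rebuilt after changing them.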
--- a/.github/prepare-docker-image/action.yml +++ b/.github/prepare-docker-image/action.yml @@ -15,5 +15,5 @@ runs: tags: e621 - name: Set docker run command - run: echo "DOCKER_RUN=docker-compose run --user 0:0 -e CI=true" >> "$GITHUB_ENV" + run: echo "DOCKER_RUN=docker-compose run -e CI=true" >> "$GITHUB_ENV" shell: bash diff --git a/Dockerfile b/Dockerfile index 53d1320f4..0f1c4aeed 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,6 +32,8 @@ COPY --from=node-builder /usr/local/share /usr/local/share COPY --from=node-builder /usr/local/lib /usr/local/lib COPY --from=node-builder /usr/local/include /usr/local/include COPY --from=node-builder /usr/local/bin /usr/local/bin +# Copy yarn to both root and the user created below to support running as both +COPY --from=node-builder /root/.cache/node /root/.cache/node COPY --from=node-builder /root/.cache/node /home/e621ng/.cache/node # Copy gems and js packages @@ -45,9 +47,8 @@ RUN addgroup --gid ${HOST_GID} e621ng && \ adduser -S --shell /bin/sh --uid ${HOST_UID} e621ng && \ addgroup e621ng wheel && \ echo "e621ng ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers -USER e621ng -# Ignore warnings from git about .git permission differences +# Ignore warnings from git about .git permission differences when running as root RUN git config --global --add safe.directory $(pwd) CMD ["foreman", "start"] diff --git a/docker-compose.yml b/docker-compose.yml index 718715be3..dcffa23d0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,6 +35,7 @@ services: args: HOST_UID: ${HOST_UID:-1000} HOST_GID: ${HOST_GID:-1000} + user: ${DOCKER_USER:-root} image: e621 volumes: - .:/app
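Review bot: With `USER e621ng` removed in the second Dockerfile hunk, the image has no non-root default of its own, so anything that starts it outside these compose files (a plain `docker run`, for instance) runs as root regardless of DOCKER_USER. The context line `echo "e621ng ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` also means that opting in to e621ng changes file ownership but is not a privilege boundary, since that user can become root without a password. If the image is meant for development only, I would say so where the USER line was, e.g. `# No USER here: compose selects the user via DOCKER_USER (default root). e621ng has passwordless sudo; do not treat it as a privilege boundary.` The `git config --global --add safe.directory` line now runs as root at build time, so the exemption is recorded for root only, which matches the updated comment.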