From 2d165e03f8ac4c11a49dff6787eb5694199b4416 Mon Sep 17 00:00:00 2001
From: Anton Dubovik
Date: Tue, 20 Feb 2024 12:29:36 +0000
Subject: [PATCH] feat: added GID and UID env vars to the Dockerfile
---
 Dockerfile | 22 +++++++++++++---------
 docker-entrypoint.sh | 20 ++++++++++++++++----
 2 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 021995a76..5e0a3b07f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,24 +31,28 @@ ENV OTEL_LOGS_EXPORTER="none"
 ENV STORAGE_DIR /app/data
 ENV LOG_DIR /app/log
+ENV UID 1001
+ENV GID 1001
+
 WORKDIR /app
-RUN adduser -u 1001 --disabled-password --gecos "" appuser
+RUN addgroup --gid "$GID" appgroup && \
+ adduser --uid "$UID" --ingroup appgroup --disabled-password --gecos "" appuser
-COPY --from=builder --chown=appuser:appuser /build/ .
-RUN chown -R appuser:appuser /app
+COPY --from=builder --chown=appuser:appgroup /build/ .
+RUN chown -R appuser:appgroup /app
-COPY --chown=appuser:appuser docker-entrypoint.sh /usr/local/bin/
+COPY --chown=appuser:appgroup docker-entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+RUN mkdir -p "$LOG_DIR" && \
+ chown -R appuser:appgroup "$LOG_DIR" && \
+ mkdir -p "$STORAGE_DIR" && \
+ chown -R appuser:appgroup "$STORAGE_DIR"
+
 HEALTHCHECK --start-period=30s --interval=1m --timeout=3s \
 CMD wget --no-verbose --spider --tries=1 http://localhost:8080/health || exit 1
 EXPOSE 8080 9464
-RUN mkdir -p "$LOG_DIR" && \
- chown -R appuser:appuser "$LOG_DIR" && \
- mkdir -p "$STORAGE_DIR" && \
- chown -R appuser:appuser "$STORAGE_DIR"
-
 ENTRYPOINT ["docker-entrypoint.sh"]
\ No newline at end of file
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 7e6f187b5..11f72836c 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
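Review bot: In the Dockerfile hunk, `ENV UID 1001` and `ENV GID 1001` reuse a name that bash sets itself and marks read-only, so what `adduser --uid "$UID"` receives depends on which shell executes the `RUN` line; under bash during a root build it would be 0, not 1001. The base image and its `/bin/sh` are outside the hunk, so this may be harmless today, but it breaks silently if the base image changes. A project-specific name avoids the collision, e.g. `ENV APP_UID 1001` and `ENV APP_GID 1001`, with `addgroup --gid "$APP_GID"` and `adduser --uid "$APP_UID"` (the entrypoint would need the same rename). Because these are `ENV` rather than `ARG`, they also persist into the runtime environment, where docker-entrypoint.sh reads them as the identity to drop to.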
@@ -6,12 +6,24 @@ set -Ee
 if [ $# -lt 1 ]; then
 # If the container is run under the root user, update the ownership of directories
- # that may be mounted as volumes to ensure 'appuser' has the necessary access rights.
+ # that may be mounted as volumes to ensure the specified user:group
+ # has the necessary access rights.
 if [ "$(id -u)" = '0' ]; then
- find "$LOG_DIR" ! -user appuser -exec chown appuser '{}' +
- find "$STORAGE_DIR" ! -user appuser -exec chown appuser '{}' +
- exec su-exec appuser "/app/bin/aidial-core" "$@"
+ if [ -n "$PUID" ]; then
+ export UID="$PUID"
+ fi
+
+ if [ -n "$PGID" ]; then
+ export GID="$PGID"
+ fi
+
+ echo "Changing the ownership of /app, $LOG_DIR and $STORAGE_DIR to $UID:$GID"
+ find "/app" ! -user $UID -exec chown $UID:$GID '{}' +
+ find "$LOG_DIR" ! -user $UID -exec chown $UID:$GID '{}' +
+ find "$STORAGE_DIR" ! -user $UID -exec chown $UID:$GID '{}' +
+
+ exec su-exec $UID:$GID "/app/bin/aidial-core" "$@"
 fi
 exec "/app/bin/aidial-core" "$@"
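Review bot: `PUID` and `PGID` reach the three `find ... -exec chown $UID:$GID` lines and `su-exec $UID:$GID` unquoted and unvalidated while the script runs as root, so a value containing whitespace or a leading `-` is word-split into extra `find`/`chown` arguments. Both values should be checked to be plain decimal ids before use, and every expansion quoted. The `chown` calls also dereference symlinks, so a link inside a mounted volume gets its target re-owned instead of the link itself; adding `-h` keeps the ownership change inside the walked tree. If the shebang (outside the hunk) ever points at bash, `export UID=` fails because `UID` is read-only there. The enclosing `if [ $# -lt 1 ]` block closes outside the hunk.

```shell
  if [ "$(id -u)" = '0' ]; then
    # … unchanged: PUID/PGID override of UID/GID …

    # Refuse anything that is not a plain decimal id before it reaches find/chown as root.
    for id in "$UID" "$GID"; do
      case "$id" in
        '' | *[!0-9]*)
          echo "UID and GID must be numeric, got '$UID:$GID'" >&2
          exit 1
          ;;
      esac
    done

    # … unchanged: echo of the ownership change …
    # -h changes the link itself, never the file a symlink in a volume points to.
    find "/app" ! -user "$UID" -exec chown -h "$UID:$GID" '{}' +
    find "$LOG_DIR" ! -user "$UID" -exec chown -h "$UID:$GID" '{}' +
    find "$STORAGE_DIR" ! -user "$UID" -exec chown -h "$UID:$GID" '{}' +

    exec su-exec "$UID:$GID" "/app/bin/aidial-core" "$@"
```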