diff --git a/Dockerfile b/Dockerfile
index 1102a72..f6b53bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,10 +30,10 @@ COPY shard.lock .
 RUN shards install --production --ignore-crystal-version --skip-postinstall --skip-executables
-# Add src (0777 as container may be launch as a random user)
+# Add src
 COPY ./src /app/src
-RUN mkdir -p /app/www && chmod 0777 /app/www
-RUN mkdir -p /app/tmp && chmod 0777 /app/tmp
+RUN mkdir -p /app/www
+RUN mkdir -p /app/tmp
 # Build application
 RUN PLACE_COMMIT=$PLACE_COMMIT \
@@ -77,8 +77,15 @@ COPY --from=build /usr/libexec/git-core/ /usr/libexec/git-core/
 # Copy the app into place
 COPY --from=build /app/deps /
 COPY --from=build /app/bin /
-COPY --from=build --chown=appuser:appuser --chmod=0777 /app/www/ /app/www/
-COPY --from=build --chown=appuser:appuser --chmod=0777 /app/tmp /tmp/
+
+COPY --from=build --chown=0:0 /app/www /app/www
+COPY --from=build --chown=0:0 /app/tmp /tmp
+
+# This seems to be the only way to set permissions properly
+COPY --from=build /bin /bin
+RUN chmod -R a+rwX /tmp
+RUN chmod -R a+rwX /app/www
+RUN rm -rf /bin
 # Use an unprivileged user.
 USER appuser:appuser
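Review bot: In the build-stage hunk (`@@ -30,10 +30,10 @@`) the two steps after `COPY ./src /app/src` now differ only in the path, so they can share one layer: `RUN mkdir -p /app/www /app/tmp`. The shortened `# Add src` comment also drops the only explanation of why these directories are world-writable (the container may be launched as an arbitrary user). The final stage still opens them up, so that rationale is worth keeping next to the `chmod` lines there, e.g. `# world-writable on purpose: the container may be started with an arbitrary UID`.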
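Review bot: `RUN chmod -R a+rwX /tmp` in the final-stage hunk (`@@ -77,8 +77,15 @@`) leaves /tmp world-writable without the sticky bit, so any UID in the container can rename or delete another user's temp files; `RUN chmod -R a+rwX /tmp && chmod 1777 /tmp` restores the usual semantics. The recursive `a+rwX` on /app/www likewise lets every process rewrite what is presumably served content; if the arbitrary-UID case is the only reason, root-group ownership with `g=u` may be enough, depending on the runtime, which is worth confirming. Copying the build stage's /bin and deleting it in a later `RUN` hides it from the final filesystem, but the files stay in the earlier layer, and `rm -rf /bin` also removes anything an earlier step of this stage (which starts outside the hunk) placed there. Creating both directories with their final modes under a staging tree in the build stage and copying that tree to `/`, as is already done for `/app/deps`, would likely avoid the temporary shell altogether.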