From e8bd8a20e2372ddc9c1089268f8fa32f07fa1ab0 Mon Sep 17 00:00:00 2001 From: Stephen von Takach Date: Thu, 14 Nov 2024 20:15:09 +1100 Subject: [PATCH] fix(Dockerfile): use busybox to set permissions the docker tools do not behave as expected --- Dockerfile | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1102a72..f6b53bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,10 +30,10 @@ COPY shard.lock . RUN shards install --production --ignore-crystal-version --skip-postinstall --skip-executables -# Add src (0777 as container may be launch as a random user) +# Add src COPY ./src /app/src -RUN mkdir -p /app/www && chmod 0777 /app/www -RUN mkdir -p /app/tmp && chmod 0777 /app/tmp +RUN mkdir -p /app/www +RUN mkdir -p /app/tmp # Build application RUN PLACE_COMMIT=$PLACE_COMMIT \ @@ -77,8 +77,15 @@ COPY --from=build /usr/libexec/git-core/ /usr/libexec/git-core/ # Copy the app into place COPY --from=build /app/deps / COPY --from=build /app/bin / -COPY --from=build --chown=appuser:appuser --chmod=0777 /app/www/ /app/www/ -COPY --from=build --chown=appuser:appuser --chmod=0777 /app/tmp /tmp/ + +COPY --from=build --chown=0:0 /app/www /app/www +COPY --from=build --chown=0:0 /app/tmp /tmp + +# This seems to be the only way to set permissions properly +COPY --from=build /bin /bin +RUN chmod -R a+rwX /tmp +RUN chmod -R a+rwX /app/www +RUN rm -rf /bin # Use an unprivileged user. USER appuser:appuser