add puid and pgid container env vars

brchri · Oct 8, 2023 · 9ae3bcb · 9ae3bcb
1 parent 6deea35
commit 9ae3bcb
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -14,19 +14,22 @@ FROM alpine:3.18
 
 ARG USER_UID=10000
 ARG USER_GID=$USER_UID
+# store original userid and groupid as env vars to pass to entrypoint for replacement if puid and pgid are specified at runtime
+ENV OUID $USER_UID
+ENV OGID $USER_GID
 
 VOLUME [ "/app/config" ]
 WORKDIR /app
 
-RUN apk add --no-cache bash tzdata && \
+RUN apk add --no-cache bash tzdata su-exec && \
     addgroup --gid $USER_GID nonroot && \
     adduser --uid $USER_UID --ingroup nonroot --system --shell bin/bash nonroot && \
     chown -R nonroot:nonroot /app
 
 COPY --from=builder --chown=nonroot:nonroot --chmod=755 /app/tesla-youq /app/config.example.yml /app/
+COPY ./entrypoint.sh /app/
 
 ENV PATH="/app:${PATH}"
 
-USER nonroot
-
+ENTRYPOINT [ "/app/entrypoint.sh" ]
 CMD [ "/app/tesla-youq", "-c", "/app/config/config.yml" ]
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# OUID and OGID are the original user and group ids set during the image
+# build and are replaced here at runtime if PGID and PUID are set
+if [ -n "$PGID" ] && [ "$PGID" -ne 0 ]; then
+  sed -i "s/nonroot:x:$OUID:$OGID:/nonroot:x:$OUID:$PGID:/" /etc/passwd
+  sed -i "s/nonroot:x:$OGID:/nonroot:x:$PGID:/" /etc/group
+fi
+
+if [ -n "$PUID" ] && [ "$PUID" -ne 0 ]; then
+  sed -i "s/nonroot:x:$OUID:/nonroot:x:$PUID:/" /etc/passwd
+fi
+
+chown nonroot: /app /app/*
+
+# Use su-exec to execute the command as nonroot user
+exec su-exec nonroot "$@"