don't hardcode UID/GID for runtime
parent
f390c3c3e9
commit
6244511cf8
5 changed files with 23 additions and 17 deletions
|
@ -17,6 +17,8 @@ ARG PHP_EXTENSIONS_EXTRA=""
|
|||
ARG PHP_EXTENSIONS="intl bcmath zip pcntl exif curl gd"
|
||||
ARG PHP_VERSION="8.1"
|
||||
ARG APT_PACKAGES_EXTRA=""
|
||||
ARG RUNTIME_UID=33
|
||||
ARG RUNTIME_GID=33
|
||||
|
||||
# GPG key for nginx apt repository
|
||||
ARG NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
||||
|
@ -56,6 +58,8 @@ FROM php:${PHP_VERSION}-${PHP_BASE_TYPE}-${PHP_DEBIAN_RELEASE} AS base
|
|||
ARG PHP_VERSION
|
||||
ARG PHP_DEBIAN_RELEASE
|
||||
ARG APT_PACKAGES_EXTRA
|
||||
ARG RUNTIME_UID
|
||||
ARG RUNTIME_GID
|
||||
|
||||
ARG TARGETPLATFORM
|
||||
ARG BUILDKIT_SBOM_SCAN_STAGE=true
|
||||
|
@ -67,7 +71,7 @@ SHELL ["/bin/bash", "-c"]
|
|||
|
||||
RUN set -ex \
|
||||
&& mkdir -pv /var/www/ \
|
||||
&& chown -R 33:33 /var/www
|
||||
&& chown -R ${RUNTIME_UID}:${RUNTIME_GID} /var/www
|
||||
|
||||
WORKDIR /var/www/
|
||||
|
||||
|
@ -193,6 +197,8 @@ FROM base AS composer-and-src
|
|||
|
||||
ARG PHP_VERSION
|
||||
ARG PHP_DEBIAN_RELEASE
|
||||
ARG RUNTIME_UID
|
||||
ARG RUNTIME_GID
|
||||
ARG TARGETPLATFORM
|
||||
|
||||
# Make sure composer cache is targeting our cache mount later
|
||||
|
@ -207,11 +213,11 @@ ENV COMPOSER_NO_INTERACTION=1
|
|||
# Copy composer from https://hub.docker.com/_/composer
|
||||
COPY --link --from=composer-image /usr/bin/composer /usr/bin/composer
|
||||
|
||||
#! Changing user to 33
|
||||
USER 33:33
|
||||
#! Changing user to runtime user
|
||||
USER ${RUNTIME_UID}:${RUNTIME_GID}
|
||||
|
||||
# Copy over only composer related files so docker layer cache isn't invalidated on PHP file changes
|
||||
COPY --link --chown=33:33 composer.json composer.lock /var/www/
|
||||
COPY --link --chown=${RUNTIME_UID}:${RUNTIME_GID} composer.json composer.lock /var/www/
|
||||
|
||||
# Install composer dependencies
|
||||
# NOTE: we skip the autoloader generation here since we don't have all files avaliable (yet)
|
||||
|
@ -220,7 +226,7 @@ RUN --mount=type=cache,id=pixelfed-composer-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}
|
|||
&& composer install --prefer-dist --no-autoloader --ignore-platform-reqs
|
||||
|
||||
# Copy all other files over
|
||||
COPY --link --chown=33:33 . /var/www/
|
||||
COPY --link --chown=${RUNTIME_UID}:${RUNTIME_GID} . /var/www/
|
||||
|
||||
# Generate optimized autoloader now that we have all files around
|
||||
RUN set -ex \
|
||||
|
@ -237,7 +243,7 @@ FROM base AS shared-runtime
|
|||
|
||||
COPY --link --from=php-extensions /usr/local/lib/php/extensions /usr/local/lib/php/extensions
|
||||
COPY --link --from=php-extensions /usr/local/etc/php /usr/local/etc/php
|
||||
COPY --link --from=composer-and-src --chown=33:33 /var/www /var/www
|
||||
COPY --link --from=composer-and-src --chown=${RUNTIME_UID}:${RUNTIME_GID} /var/www /var/www
|
||||
COPY --link --from=forego-image /usr/local/bin/forego /usr/local/bin/forego
|
||||
COPY --link contrib/docker/php.production.ini "$PHP_INI_DIR/php.ini"
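Review bot: `RUNTIME_UID` and `RUNTIME_GID` are only declared as `ARG` in the visible hunks, and `ARG` values exist at build time only, so they are not in the running container's environment. The entrypoint scripts changed in this same commit expand `${RUNTIME_UID}` and `${RUNTIME_GID}` at container start under `set -o nounset`, so unless an `ENV` outside these hunks exports them, the scripts abort on an unbound variable. Consider adding `ENV RUNTIME_UID=${RUNTIME_UID} RUNTIME_GID=${RUNTIME_GID}` in the runtime stage. The `shared-runtime` hunk also uses both variables in `COPY --chown` with no `ARG` redeclaration visible in that hunk, so confirm they are in scope there; if they expand to empty, the ownership silently changes. A short comment next to the two new `ARG` lines that 33 is `www-data` in the Debian base image would help readers.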
|
||||
|
||||
|
|
|
@ -4,10 +4,10 @@ set -o errexit -o nounset -o pipefail
|
|||
source /lib.sh
|
||||
|
||||
entrypoint_log "==> Create the storage tree if needed"
|
||||
as_www_user cp --recursive storage.skel/* storage/
|
||||
as_runtime_user cp --recursive storage.skel/* storage/
|
||||
|
||||
entrypoint_log "==> Ensure storage is linked"
|
||||
as_www_user php artisan storage:link
|
||||
as_runtime_user php artisan storage:link
|
||||
|
||||
entrypoint_log "==> Ensure permissions are correct"
|
||||
chown --recursive www-data:www-data storage/ bootstrap/
|
||||
chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/
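Review bot: The new `chown` line expands `${RUNTIME_UID}:${RUNTIME_GID}` unquoted, and this script runs the recursive chown with root privileges. Quote the operand so an unexpected value cannot split into extra arguments: `chown --recursive "${RUNTIME_UID}:${RUNTIME_GID}" storage/ bootstrap/`. A guard near the top such as `: "${RUNTIME_UID:?must be set}" "${RUNTIME_GID:?must be set}"` would replace the bare nounset abort with a clear message. The script continues outside this hunk.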
|
||||
|
|
|
@ -3,4 +3,4 @@ set -o errexit -o nounset -o pipefail
|
|||
|
||||
source /lib.sh
|
||||
|
||||
as_www_user php artisan horizon:publish
|
||||
as_runtime_user php artisan horizon:publish
|
|
@ -3,11 +3,11 @@ set -o errexit -o nounset -o pipefail
|
|||
|
||||
source /lib.sh
|
||||
|
||||
entrypoint_log "==> config:cache"
|
||||
as_www_user php artisan config:cache
|
||||
|
||||
entrypoint_log "==> route:cache"
|
||||
as_www_user php artisan route:cache
|
||||
as_runtime_user php artisan route:cache
|
||||
|
||||
entrypoint_log "==> view:cache"
|
||||
as_www_user php artisan view:cache
|
||||
as_runtime_user php artisan view:cache
|
||||
|
||||
entrypoint_log "==> config:cache"
|
||||
as_runtime_user php artisan config:cache
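Review bot: Besides the rename, this hunk moves the `config:cache` step from first to last, which the commit title does not mention. `route:cache` and `view:cache` now run before the configuration cache is rebuilt, so they presumably read whatever cached config an earlier start left behind. If the reorder is intentional, add a comment such as `# config:cache runs last because ...` with the reason, or move the change into its own commit. Otherwise keep the original order.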
|
|
@ -8,6 +8,6 @@ function entrypoint_log() {
|
|||
fi
|
||||
}
|
||||
|
||||
function as_www_user() {
|
||||
su --preserve-environment www-data --shell /bin/bash --command "${*}"
|
||||
function as_runtime_user() {
|
||||
su --preserve-environment ${RUNTIME_UID} --shell /bin/bash --command "${*}"
|
||||
}
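Review bot: `su` resolves its user argument as an account name, so passing the numeric `${RUNTIME_UID}` (33 by default) in `as_runtime_user` will likely fail with a "user does not exist" error instead of switching to `www-data`. This should be tested before merging. One fix is to resolve the name first: `su --preserve-environment "$(id -nu "${RUNTIME_UID}")" --shell /bin/bash --command "${*}"`. That still requires a passwd entry for any custom UID, so the image would need to create one when `RUNTIME_UID` is overridden. The expansion should be quoted either way. Separately, `"${*}"` joins all arguments into one string that the target shell re-parses, so callers must only pass trusted, fixed commands.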
|
||||
|
|