From 388d34c9ce1eede8b6b3c835fac68a957aa1d193 Mon Sep 17 00:00:00 2001
From: Andreas Nedbal <git@pixelde.su>
Date: Fri, 25 Dec 2020 01:18:48 +0100
Subject: [PATCH] Adjust Docker setup to run Rails without root

---
 .docker/ruby/Dockerfile | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/.docker/ruby/Dockerfile b/.docker/ruby/Dockerfile
index 9c70d0ce..75c43f1f 100644
--- a/.docker/ruby/Dockerfile
+++ b/.docker/ruby/Dockerfile
@@ -1,5 +1,10 @@
 FROM ruby:2.7
 
+USER root
+
+ARG UID=1000
+ARG GID=1000
+
 RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
 RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
 
@@ -14,9 +19,20 @@ RUN apt-get update -qq \
     yarn \
     && rm -rf /var/lib/apt/lists/*
 
-RUN mkdir /app
+RUN mkdir /app \
+    && mkdir /cache
 WORKDIR /app
 
+RUN addgroup --gid ${GID} app \
+	&& adduser --gecos "" --disabled-password --shell /bin/bash --uid ${UID} --gid ${GID} app \
+	&& chown "${UID}:${GID}" -R /app/ \
+    && chown "${UID}:${GID}" -R /cache/
+
+COPY .docker/entrypoint.sh /usr/bin/
+RUN chmod +x /usr/bin/entrypoint.sh
+
+USER app:app
+
 ADD Gemfile* /app/
 RUN bundle install --jobs=$(nproc)
 RUN gem install ruby-debug-ide
@@ -27,8 +43,6 @@ RUN yarn install
 
 COPY . /app
 
-COPY .docker/entrypoint.sh /usr/bin/
-RUN chmod +x /usr/bin/entrypoint.sh
 ENTRYPOINT ["entrypoint.sh"]
 EXPOSE 3000