Create a non-root user in the ENTRYPOINT

ucan-lab · Aug 20, 2024 · 9593b48 · 9593b48
1 parent 59a88be
commit 9593b48
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 32 deletions.
diff --git a/Makefile b/Makefile
@@ -1,6 +1,7 @@
 for-linux-env:
 	echo "UID=$$(id -u)" >> .env
 	echo "GID=$$(id -g)" >> .env
+	echo "USERNAME=$$(whoami)" >> .env
 install:
 	@make build
 	@make up

diff --git a/README.md b/README.md
@@ -22,22 +22,21 @@ Build a simple laravel development environment with Docker Compose. Support with
 3. Execute the following command
 
 ```bash
-$ task for-linux-env # Linux environment only
 $ task create-project
 
 # or...
 
-$ make for-linux-env # Linux environment only
 $ make create-project
 
-# or...
+# or... Linux environment
 
-$ echo "UID=$(id -u)" >> .env # Linux environment only
-$ echo "GID=$(id -g)" >> .env # Linux environment only
+$ echo "UID=$(id -u)" >> .env
+$ echo "GID=$(id -g)" >> .env
+$ echo "USERNAME=$(whoami)" >> .env
 
 $ mkdir -p src
 $ docker compose build
-$ docker compose up -d
+$ docker compose --file compose.yaml --file compose-for-linux.yaml up --detach
 $ docker compose exec app composer create-project --prefer-dist laravel/laravel .
 $ docker compose exec app php artisan key:generate
 $ docker compose exec app php artisan storage:link
@@ -53,21 +52,20 @@ http://localhost
 2. Execute the following command
 
 ```bash
-$ task for-linux-env # Linux environment only
 $ task install
 
 # or...
 
-$ make for-linux-env # Linux environment only
 $ make install
 
-# or...
+# or... Linux environment
 
-$ echo "UID=$(id -u)" >> .env # Linux environment only
-$ echo "GID=$(id -g)" >> .env # Linux environment only
+$ echo "UID=$(id -u)" >> .env
+$ echo "GID=$(id -g)" >> .env
+$ echo "USERNAME=$(whoami)" >> .env
 
 $ docker compose build
-$ docker compose up -d
+$ docker compose --file compose.yaml --file compose-for-linux.yaml up --detach
 $ docker compose exec app composer install
 $ docker compose exec app cp .env.example .env
 $ docker compose exec app php artisan key:generate

diff --git a/Taskfile.yml b/Taskfile.yml
@@ -5,6 +5,7 @@ tasks:
     cmds:
       - echo "UID=$(id -u)" >> .env
       - echo "GID=$(id -g)" >> .env
+      - echo "USERNAME=$(whoami)" >> .env
 
   install:
     cmds:

diff --git a/compose-for-linux.yaml b/compose-for-linux.yaml
@@ -0,0 +1,8 @@
+services:
+  app:
+    entrypoint: ["/usr/local/bin/entrypoint.sh"]
+    command: ["php-fpm"]
+    environment:
+      - UID=${UID:-1000}
+      - GID=${GID:-1000}
+      - USERNAME=${USERNAME:-phper}
diff --git a/compose.yaml b/compose.yaml
@@ -6,9 +6,6 @@ services:
     build:
       context: .
       dockerfile: ./infra/docker/php/Dockerfile
-      args:
-        UID: ${UID:-1000}
-        GID: ${GID:-1000}
       target: ${APP_BUILD_TARGET:-development}
     volumes:
       - type: bind

diff --git a/infra/docker/php/Dockerfile b/infra/docker/php/Dockerfile
@@ -11,10 +11,8 @@ ENV TZ=UTC \
   # composer environment
   COMPOSER_HOME=/composer
 
-ARG UID=1000
-ARG GID=1000
-
 COPY --from=composer:2.7 /usr/bin/composer /usr/bin/composer
+COPY ./infra/docker/php/entrypoint.sh /usr/local/bin/entrypoint.sh
 
 RUN <<EOF
   apt-get update
@@ -33,14 +31,8 @@ RUN <<EOF
     pdo_mysql \
     zip \
     bcmath
-  # permission denied bind mount in Linux environment
-  groupadd --gid $GID phper
-  useradd --uid $UID --gid $GID phper
   mkdir /composer
-  mkdir -p /home/phper/.config/psysh
-  chown phper:phper /composer
-  chown phper:phper /workspace
-  chown phper:phper /home/phper/.config/psysh
+  chmod +x /usr/local/bin/entrypoint.sh
   apt-get clean
   rm -rf /var/lib/apt/lists/*
 EOF
@@ -49,8 +41,6 @@ FROM base AS development
 
 COPY ./infra/docker/php/php.development.ini /usr/local/etc/php/php.ini
 
-USER phper
-
 FROM base AS development-xdebug
 
 RUN <<EOF
@@ -60,14 +50,10 @@ EOF
 
 COPY ./infra/docker/php/xdebug.ini /usr/local/etc/php/conf.d/xdebug.ini
 
-USER phper
-
 FROM base AS deploy
 
 COPY ./infra/docker/php/php.deploy.ini /usr/local/etc/php/php.ini
-COPY --chown=phper:phper ./src /workspace
-
-USER phper
+COPY ./src /workspace
 
 RUN <<EOF
   composer install --quiet --no-interaction --no-ansi --no-dev --no-scripts --no-progress --prefer-dist

diff --git a/infra/docker/php/entrypoint.sh b/infra/docker/php/entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+UID=${UID:-1000}
+GID=${GID:-1000}
+USERNAME=${USERNAME:-phper}
+
+echo "Starting with UID: $UID, GID: $GID, USERNAME: $USERNAME"
+
+useradd -u "$UID" -o -m "$USERNAME"
+groupmod -g "$GID" "$USERNAME"
+
+mkdir -p /home/"$USERNAME"/.config/psysh
+chown "$USERNAME":"$USERNAME" /home/"$USERNAME"/.config/psysh
+chown "$USERNAME":"$USERNAME" /composer
+chown "$USERNAME":"$USERNAME" /workspace
+
+export HOME=/home/"$USERNAME"
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+	set -- php-fpm "$@"
+fi
+
+exec "$@"