From 22d0b14ef16ea3d95095c9300cd5992b294bbf00 Mon Sep 17 00:00:00 2001
From: Dragory <2606411+Dragory@users.noreply.github.com>
Date: Sun, 7 Aug 2022 12:23:27 +0300
Subject: [PATCH] docker: allow configuring UID/GID used inside the containers

---
 .env.example                      |  5 +++++
 docker-compose.production.yml     | 28 ++++++++++++++++++++--------
 docker/production/node/Dockerfile | 10 ++++++++++
 3 files changed, 35 insertions(+), 8 deletions(-)
 create mode 100644 docker/production/node/Dockerfile

diff --git a/.env.example b/.env.example
index 4494f3b0..363e617f 100644
--- a/.env.example
+++ b/.env.example
@@ -21,6 +21,11 @@ API_PORT=3000
 # Only required if relevant feature is used
 #PHISHERMAN_API_KEY=
 
+# The user ID and group ID that should be used within the Docker containers
+# This should match your own user ID and group ID. Run `id -u` and `id -g` to find them.
+DOCKER_USER_UID=
+DOCKER_USER_GID=
+
 #
 # DOCKER (DEVELOPMENT)
 #
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 109cb3bb..6ab79342 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -26,39 +26,51 @@ services:
     command: --authentication-policy=mysql_native_password
 
   prepare_backend:
-    image: node:16.16
+    build:
+      context: ./docker/production/node
+      args:
+        DOCKER_USER_UID: ${DOCKER_USER_UID:?Missing DOCKER_USER_UID}
+        DOCKER_USER_GID: ${DOCKER_USER_GID:?Missing DOCKER_USER_GID}
     depends_on:
       - mysql
     volumes:
       - ./:/zeppelin
-    user: node
     command: |-
       bash -c "cd /zeppelin/backend && npm ci && npm run build && npm run migrate-prod"
 
   api:
-    image: node:16.16
+    build:
+      context: ./docker/production/node
+      args:
+        DOCKER_USER_UID: ${DOCKER_USER_UID:?Missing DOCKER_USER_UID}
+        DOCKER_USER_GID: ${DOCKER_USER_GID:?Missing DOCKER_USER_GID}
     restart: on-failure
     depends_on:
       - prepare_backend
     volumes:
       - ./:/zeppelin
-    user: node
     command: ["/bin/bash", "/zeppelin/docker/production/start-api.sh"]
 
   bot:
-    image: node:16.16
+    build:
+      context: ./docker/production/node
+      args:
+        DOCKER_USER_UID: ${DOCKER_USER_UID:?Missing DOCKER_USER_UID}
+        DOCKER_USER_GID: ${DOCKER_USER_GID:?Missing DOCKER_USER_GID}
     restart: on-failure
     depends_on:
       - prepare_backend
     volumes:
       - ./:/zeppelin
-    user: node
     command: ["/bin/bash", "/zeppelin/docker/production/start-bot.sh"]
 
   build_dashboard:
-    image: node:16.16
+    build:
+      context: ./docker/production/node
+      args:
+        DOCKER_USER_UID: ${DOCKER_USER_UID:?Missing DOCKER_USER_UID}
+        DOCKER_USER_GID: ${DOCKER_USER_GID:?Missing DOCKER_USER_GID}
     volumes:
       - ./:/zeppelin
-    user: node
     command: |-
       bash -c "cd /zeppelin/dashboard && npm ci && npm run build"
diff --git a/docker/production/node/Dockerfile b/docker/production/node/Dockerfile
new file mode 100644
index 00000000..22b46e45
--- /dev/null
+++ b/docker/production/node/Dockerfile
@@ -0,0 +1,10 @@
+FROM node:16.16
+
+ARG DOCKER_USER_UID
+ARG DOCKER_USER_GID
+
+# This custom Dockerfile is needed for the Node image so we can change the uid/gid used for the node user
+# See https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#non-root-user
+RUN groupmod -g "${DOCKER_USER_GID}" node && usermod -u "${DOCKER_USER_UID}" -g "${DOCKER_USER_GID}" node
+
+USER node