allow runing as non-root user

Author: SniperSister

.env.example

@@ -70,3 +70,7 @@ HEALTH_CHECK_INTERVAL=24
 CLEANUP_SITE_DELAY=7
 # Cache time in minutes
 TUF_REPO_CACHETIME=5
+
+# Docker config
+HOST_UID=0
+HOST_GID=0

Dockerfile

@@ -1,4 +1,6 @@
 FROM dunglas/frankenphp
+ARG UID
+ARG GID
 
 RUN apt-get update && apt-get install -y git
 
@@ -11,8 +13,10 @@ RUN install-php-extensions \
     curl \
     redis
 
-COPY . /app
+RUN addgroup --gid $GID nonroot && adduser --uid $UID --gid $GID --disabled-password --gecos "" nonroot
+USER nonroot
 
+COPY  --chown=nonroot:nonroot . /app
 RUN composer install --no-dev
 
 ENTRYPOINT ["php", "artisan", "octane:frankenphp"]

README.md

@@ -4,6 +4,7 @@ This is the server for automated updates of Joomla CMS instances running on joom
 # Deployment and usage
 * Install docker and docker compose
 * Check out this repo
+* Copy to .env.example to .env and adjust to your requirements - important: set UID and GID to user and group on the host system that you would like to use for the processes
 * Start the webserver and DB services:  `docker-compose -f docker-compose.prod.yml up -d` 
 * Apply the database migrations: `docker-compose run --entrypoint="php artisan migrate" php`
 * Daemonize the queue worker using supervisord; the call in question is: `docker-compose run --entrypoint="php artisan horizon" php`

docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3.1'
 services:
     mysql:
         image: 'mariadb:11'
@@ -20,6 +19,9 @@ services:
     php:
         build:
             context: .
+            args:
+                UID: ${HOST_UID}
+                GID: ${HOST_GID}
         entrypoint: php artisan octane:frankenphp --workers=1 --max-requests=1
         ports:
             - '21001:8000'