fix(docker)!: root-less docker container

The docker container now runs under the `retrom` user again. BREAKING CHANGE: The UID:GID of the retrom user in the container has changed from 1505:1505 to the more common 1000:1000. This is so it is less likely one needs to change the ID's at runtime. You may need to adjust or remove any `user: ` directives in your docker compose file.
JMBeresford · Jan 16, 2025 · 9464a23 · 9464a23
1 parent 88d8e1d
commit 9464a23
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/docker/service.Dockerfile b/docker/service.Dockerfile
@@ -69,12 +69,15 @@ RUN mkdir /app/data
 RUN mkdir /app/psql
 RUN mkdir /app/config
 
+RUN chown -R retrom:retrom /app
 RUN chmod -R 775 /app
 RUN chmod +x /app/start.sh
 
 VOLUME /app/config
 VOLUME /app/data
 
+USER retrom
+
 RUN umask ${UMASK}
 
 ENV EMBEDDED_DB_OPTS="?data_dir=/app/data&password_file=/app/.passwd&installation_dir=/app/psql"

diff --git a/packages/service/src/lib.rs b/packages/service/src/lib.rs
@@ -17,14 +17,14 @@ use tokio::task::JoinHandle;
 use tower::Service;
 use tracing::Instrument;
 
+#[cfg(feature = "embedded_db")]
+use retrom_db::embedded::DB_NAME;
+
 pub mod config;
 mod grpc;
 mod providers;
 mod rest;
 
-#[cfg(feature = "embedded_db")]
-use retrom_db::embedded::DB_NAME;
-
 pub const DEFAULT_PORT: i32 = 5101;
 pub const DEFAULT_DB_URL: &str = "postgres://postgres:postgres@localhost/retrom";
 const CARGO_VERSION: &str = env!("CARGO_PKG_VERSION");