Skip to content

Commit

Permalink
Fix docker user permissions issues (#1194)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Silex
Silex committed Jan 31, 2024
1 parent 9b8985a commit 211db11
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 5 deletions.
11 changes: 11 additions & 0 deletions .docs/Docker.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,17 @@ For more information, please refer to the [Dockerfile](https://github.com/Tyrrrz
To get your Token and Channel IDs, please refer to [this page](Token-and-IDs.md).
## Unix permissions issues
This image was designed with a user running as uid:gid of 1000:1000.
If your current user has different IDs, and you want to generate files directly editable for your user, you might want to run the container like this:
```console
mkdir data # or chown -R $(id -u):$(id -g) data
docker run -it --rm -v $PWD/data:/out --user $(id -u):$(id -g) tyrrrz/discordchatexporter:stable export -t TOKEN -g CHANNELID
```
## Environment variables

DiscordChatExpoter CLI accepts the `DISCORD_TOKEN` environment variable as a fallback for the `--token` option. You can set this variable either with the `--env` Docker option or with a combination of the `--env-file` Docker option and a `.env` file.
Expand Down
11 changes: 6 additions & 5 deletions DiscordChatExporter.Cli.dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,20 +40,21 @@ LABEL org.opencontainers.image.licenses="MIT"

# Alpine image doesn't come with the ICU libraries pre-installed, so we need to install them manually.
# We need the full ICU data because we allow the user to specify any locale for formatting purposes.
RUN apk add --no-cache icu-libs
RUN apk add --no-cache icu-data-full
RUN apk add --no-cache icu-libs icu-data-full
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
ENV LC_ALL=en_US.UTF-8
ENV LANG=en_US.UTF-8

# Use a non-root user to ensure that the files shared with the host are accessible by the host user
# https://github.com/Tyrrrz/DiscordChatExporter/issues/851
RUN adduser --disabled-password --no-create-home dce
USER dce
# https://github.com/Tyrrrz/DiscordChatExporter/issues/1174
RUN apk add --no-cache su-exec
RUN addgroup -S -g 1000 dce && adduser -S -H -G dce -u 1000 dce

# This directory is exposed to the user for mounting purposes, so it's important that it always
# stays the same for backwards compatibility.
WORKDIR /out

COPY --from=build /tmp/app/DiscordChatExporter.Cli/bin/publish /opt/app
ENTRYPOINT ["/opt/app/DiscordChatExporter.Cli"]
COPY docker-entrypoint.sh /opt/app
ENTRYPOINT ["/opt/app/docker-entrypoint.sh"]
10 changes: 10 additions & 0 deletions docker-entrypoint.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
#!/usr/bin/env sh

# If we are root, ensure the files in /out are writable
# by the dce user and restart the process as the dce user
if [ "$(id -u)" = '0' ]; then
chown -R dce:dce /out
exec su-exec dce "$0" "$@"
fi

exec ./DiscordChatExporter.Cli "$@"

0 comments on commit 211db11

Please sign in to comment.