Handle file permissions in a cleaner way while building Docker images

build_docker_image.sh

@@ -5,7 +5,7 @@ set -e
 : ${DOCKER_IMAGE_TAG:=${GITHUB_SHA:-$(git rev-parse HEAD)}}
 : ${DOCKERFILE:=docker/multi-process/Dockerfile}
 
-bin/docker_wrapper build $BUILD_ARGS -t "$DOCKER_IMAGE" -f "$DOCKERFILE" .
+docker build $BUILD_ARGS -t "$DOCKER_IMAGE" -f "$DOCKERFILE" .
 
 if [[ "$1" == --push ]]; then
   [[ -n "$DOCKER_USER" && -n "$DOCKER_IMAGE_TAG" ]]

docker/multi-process/Dockerfile

@@ -12,29 +12,33 @@ ENV HOME=/app
 
 ARG UID=1001
 RUN useradd -u "$UID" -g 0 -d /app -s /sbin/nologin -c "default user" default
+RUN chown -R "$UID:0" /app
+USER $UID
 
 ENV LC_ALL=en_US.UTF-8
 ENV RAILS_ENV=production
 
-COPY ["Gemfile", "Gemfile.lock", "/app/"]
-COPY lib/gemfile_helper.rb /app/lib/
-COPY vendor/gems/ /app/vendor/gems/
+COPY --chown="$UID:0" ["Gemfile", "Gemfile.lock", "/app/"]
+COPY --chown="$UID:0" lib/gemfile_helper.rb /app/lib/
+RUN mkdir /app/vendor
+COPY --chown="$UID:0" vendor/gems/ /app/vendor/gems/
+
+ARG ADDITIONAL_GEMS=
+ENV ADDITIONAL_GEMS=$ADDITIONAL_GEMS
 
 # Get rid of annoying "fatal: Not a git repository (or any of the parent directories): .git" messages
-RUN umask 002 && git init && \
+RUN git init && \
     bundle config set --local path vendor/bundle && \
-    bundle config set --local without 'test development' && \
-    APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle install -j 4
+    bundle config set --local without 'test development'
+
+RUN APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle install -j 4
 
-COPY ./ /app/
+COPY --chown="$UID:0" ./ /app/
 
 ARG OUTDATED_DOCKER_REGISTRY=false
 ENV OUTDATED_DOCKER_REGISTRY=${OUTDATED_DOCKER_REGISTRY}
 
-RUN umask 002 && \
-    APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle exec rake assets:clean assets:precompile && \
-    chmod g=u /app/.env.example /app/Gemfile.lock /app/config/ /app/tmp/ && \
-    chown -R "$UID" /app
+RUN APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle exec rake assets:clean assets:precompile
 
 EXPOSE 3000
 
@@ -48,6 +52,4 @@ COPY ["docker/multi-process/scripts/bootstrap.sh", \
       "docker/scripts/setup_env", "/scripts/"]
 CMD ["/scripts/init"]
 
-USER $UID
-
 VOLUME /var/lib/mysql

docker/multi-process/README.md

@@ -116,7 +116,7 @@ In newer versions of Docker you are able to pass your own .env file in to the co
 
 You don't need to do this on your own, because there is an [automated build](https://hub.docker.com/r/huginn/huginn/) for this repository, but if you really want run this command in the Huginn root directory:
 
-    bin/docker_wrapper build --rm=true --tag={yourname}/huginn -f docker/multi-process/Dockerfile .
+    docker build --rm=true --tag={yourname}/huginn -f docker/multi-process/Dockerfile .
 
 ## Source
 

docker/single-process/Dockerfile

@@ -9,33 +9,35 @@ ENV HOME=/app
 
 ARG UID=1001
 RUN useradd -u "$UID" -g 0 -d /app -s /sbin/nologin -c "default user" default
+RUN chown -R "$UID:0" /app
+USER $UID
 
 ENV LC_ALL=en_US.UTF-8
 ENV RAILS_ENV=production
 
-COPY ["Gemfile", "Gemfile.lock", "/app/"]
-COPY lib/gemfile_helper.rb /app/lib/
-COPY vendor/gems/ /app/vendor/gems/
+COPY --chown="$UID:0" ["Gemfile", "Gemfile.lock", "/app/"]
+COPY --chown="$UID:0" lib/gemfile_helper.rb /app/lib/
+RUN mkdir /app/vendor
+COPY --chown="$UID:0" vendor/gems/ /app/vendor/gems/
+
+ARG ADDITIONAL_GEMS=
+ENV ADDITIONAL_GEMS=$ADDITIONAL_GEMS
 
 # Get rid of annoying "fatal: Not a git repository (or any of the parent directories): .git" messages
-RUN umask 002 && git init && \
+RUN git init && \
     bundle config set --local path vendor/bundle && \
-    bundle config set --local without 'test development' && \
-    APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle install -j 4
+    bundle config set --local without 'test development'
+
+RUN APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle install -j 4
 
-COPY ./ /app/
+COPY --chown="$UID:0" ./ /app/
 
 ARG OUTDATED_DOCKER_REGISTRY=false
 ENV OUTDATED_DOCKER_REGISTRY=${OUTDATED_DOCKER_REGISTRY}
 
-RUN umask 002 && \
-    APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle exec rake assets:clean assets:precompile && \
-    chmod g=u /app/.env.example /app/Gemfile.lock /app/config/ /app/tmp/ && \
-    chown -R "$UID" /app
+RUN APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle exec rake assets:clean assets:precompile
 
 EXPOSE 3000
 
 COPY ["docker/scripts/setup_env", "docker/single-process/scripts/init", "/scripts/"]
 CMD ["/scripts/init"]
-
-USER $UID

docker/single-process/README.md

@@ -98,7 +98,7 @@ In newer versions of Docker you are able to pass your own .env file in to the co
 
 You don't need to do this on your own, but if you really want run this command in the Huginn root directory:
 
-    bin/docker_wrapper build --rm=true --tag={yourname}/huginn -f docker/single-process/Dockerfile .
+    docker build --rm=true --tag={yourname}/huginn -f docker/single-process/Dockerfile .
 
 ## Source