--

.castor/utils.php

@@ -47,7 +47,7 @@ function about(): void
 }
 
 #[AsTask(description: 'Opens a shell (bash) into a builder container')]
-function builder(string $user = 'app'): void
+function builder(): void
 {
     $c = get_context()
         ->withTimeout(null)
@@ -56,7 +56,7 @@ function builder(string $user = 'app'): void
         ->withQuiet()
         ->withAllowFailure()
     ;
-    docker_compose_run('bash', c: $c, user: $user);
+    docker_compose_run('bash', c: $c);
 }
 
 #[AsContext(default: true)]
@@ -110,7 +110,6 @@ function docker_compose_run(
     string $runCommand,
     Context $c = null,
     string $service = 'builder',
-    string $user = 'app',
     bool $noDeps = true,
     string $workDir = null,
     bool $portMapping = false,
@@ -119,7 +118,6 @@ function docker_compose_run(
     $command = [
         'run',
         '--rm',
-        '-u', $user,
     ];
 
     if ($noDeps) {
@@ -160,6 +158,7 @@ function docker_compose(array $subCommand, Context $c = null, bool $withBuilder
             'PROJECT_DIRECTORY' => variable('project_directory'),
             'PROJECT_ROOT_DOMAIN' => variable('root_domain'),
             'PROJECT_DOMAINS' => $domains,
+            'USER_ID' => variable('user_id'),
             'COMPOSER_CACHE_DIR' => variable('composer_cache_dir'),
             'PHP_VERSION' => variable('php_version'),
         ], true)

infrastructure/docker/docker-compose.builder.yml

@@ -17,6 +17,7 @@ services:
             - postgres
         environment:
             - COMPOSER_MEMORY_LIMIT=-1
+            - UID=${USER_ID}
             - GITHUB_ACTIONS
         volumes:
             - "../../${PROJECT_DIRECTORY}:/home/app/application:cached"

infrastructure/docker/services/php/Dockerfile

@@ -37,11 +37,11 @@ RUN apt-get update \
 # Fake user to maps with the one on the host
 COPY entrypoint /
 ARG USER_ID
-RUN addgroup --gid 1000 app && \
+RUN addgroup --gid $USER_ID app && \
     adduser --system --uid $USER_ID --home /home/app --shell /bin/bash app && \
-    wget -O- https://github.com/tianon/gosu/releases/download/1.12/gosu-amd64 | \
+    curl -Ls https://github.com/tianon/gosu/releases/download/1.16/gosu-amd64 | \
         install /dev/stdin /usr/local/bin/gosu && \
-    sed "s/{{ application_user_id }}/$USER_ID/g" -i /entrypoint
+    sed "s/{{ application_user }}/app/g" -i /entrypoint
 
 # Configuration
 COPY base/php-configuration /etc/php/${PHP_VERSION}
@@ -101,5 +101,3 @@ RUN mkdir -p "/home/app/.composer/cache" \
 
 ENV PATH="$PATH:/home/app/application/tools/php-cs-fixer/vendor/bin"
 ENV PATH="$PATH:/home/app/application/tools/phpstan/vendor/bin"
-
-USER app

infrastructure/docker/services/php/entrypoint

@@ -3,18 +3,22 @@
 set -e
 set -u
 
+if [ $(id -u) != 0 ]; then
+    echo "Running this image as non root is not allowed"
+    exit 1
+fi
+
 : "${UID:=0}"
 : "${GID:=${UID}}"
 
 if [ "$#" = 0 ]; then
-    echo "A"
     set -- "$(command -v bash 2>/dev/null || command -v sh)" -l
 fi
 
 if [ "$UID" != 0 ]; then
-    usermod -u "$UID" "{{ application_user_id }}" 2>/dev/null && {
-        groupmod -g "$GID" "{{ application_user_id }}" 2>/dev/null ||
-        usermod -a -G "$GID" "{{ application_user_id }}"
+    usermod -u "$UID" "{{ application_user }}" 2>/dev/null && {
+        groupmod -g "$GID" "{{ application_user }}" 2>/dev/null ||
+        usermod -a -G "$GID" "{{ application_user }}"
     }
     set -- gosu "${UID}:${GID}" "${@}"
 fi