From 782feb189a3d9c7171b628b3f297233adfd09e18 Mon Sep 17 00:00:00 2001
From: Ilyes512
Date: Thu, 2 Apr 2026 14:07:07 +0200
Subject: [PATCH] Add default user code and fixuid tool and config
---
 .github/prompts/update-project.prompt.md | 1 +
 apache/Dockerfile | 44 +++++++++++++++++++++++
 fpm/Dockerfile | 45 ++++++++++++++++++++++++
 frankenphp/Dockerfile | 44 +++++++++++++++++++++++
 4 files changed, 134 insertions(+)
diff --git a/.github/prompts/update-project.prompt.md b/.github/prompts/update-project.prompt.md
index b03dfe4..cbb4ff8 100644
--- a/.github/prompts/update-project.prompt.md
+++ b/.github/prompts/update-project.prompt.md
@@ -100,6 +100,7 @@ All three Dockerfiles share the same versions for the following builder-stage to
 `composer/composer`
 - `XDEBUG_VERSION` — `xdebug/xdebug` on Packagist
 - `PCOV_VERSION` — `pecl/pcov` on Packagist
+- `FIXUID_VERSION` — check the GitHub Releases API for `boxboat/fixuid`
 Process each tool individually and in order:
diff --git a/apache/Dockerfile b/apache/Dockerfile
index 576d113..d2af743 100644
--- a/apache/Dockerfile
+++ b/apache/Dockerfile
@@ -186,6 +186,50 @@ RUN apt-get update \
 && rm -rf /var/lib/apt/lists/* \
 && rm -rf /tmp/*
+# Latest version of fixuid: https://github.com/boxboat/fixuid/releases/latest
+ARG FIXUID_VERSION=0.6.0
+
+ARG USER=code
+ARG GROUP=code
+ARG USER_UID=1000
+ARG USER_GID=1000
+ARG TARGETARCH
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN curl -fsSLo /tmp/fixuid.tar.gz "https://github.com/boxboat/fixuid/releases/download/v$FIXUID_VERSION/fixuid-${FIXUID_VERSION}-linux-${TARGETARCH}.tar.gz" \
+ && tar -xf /tmp/fixuid.tar.gz -C /usr/local/bin fixuid \
+ && chown root:root /usr/local/bin/fixuid \
+ && chmod 4755 /usr/local/bin/fixuid \
+ && rm /tmp/fixuid.tar.gz \
+ # Create user and group, and setup fixuid configuration
+ && existing_group="$(getent group "$USER_GID" | cut -d: -f1 || true)" \
+ && if [ -z "$existing_group" ]; then \
+ groupadd --gid "$USER_GID" "$GROUP"; \
+ existing_group="$GROUP"; \
+ fi \
+ && useradd --uid "$USER_UID" --gid "$USER_GID" --create-home "$USER" --shell /bin/bash \
+ && mkdir -p \
+ /etc/fixuid \
+ "/data" \
+ "/config" \
+ "/cache" \
+ && chown -R "$USER_UID":"$USER_GID" \
+ "/data" \
+ "/config" \
+ "/cache" \
+ && cat < /etc/fixuid/config.yml
+user: $USER
+group: $existing_group
+paths:
+ - /var/www
+ - /home/$USER
+ - /data
+ - /config
+ - /cache
+
+EOF
+
 FROM builder AS builder_nodejs
 ARG TARGETARCH
diff --git a/fpm/Dockerfile b/fpm/Dockerfile
index 0dbecf5..c326655 100644
--- a/fpm/Dockerfile
+++ b/fpm/Dockerfile
@@ -149,6 +149,7 @@ ARG XDEBUG_VERSION=3.5.1
 # Latest version of pcov: https://packagist.org/packages/pecl/pcov
 ARG PCOV_VERSION=1.0.12
+
 RUN apt-get update \
 && apt-get install --assume-yes --no-install-recommends \
 # Needed for xdebug extension configuration
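Review bot: The fixuid tarball in the apache/Dockerfile hunk is downloaded with curl and installed as a root-owned setuid binary (`chmod 4755`) with no integrity check, so whatever the release URL serves at build time runs with root privileges inside the image. Pinning `FIXUID_VERSION` fixes the tag but not the bytes; verify a digest between the curl and tar lines, e.g. `&& echo "${FIXUID_SHA256}  /tmp/fixuid.tar.gz" | sha256sum -c - \`, where `FIXUID_SHA256` is a placeholder name for a new ARG holding the published checksum for the selected `TARGETARCH`. The identical block in the fpm/Dockerfile and frankenphp/Dockerfile hunks needs the same check, and the update-project prompt would then have to mention refreshing the digest along with the version.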
@@ -186,6 +187,50 @@ RUN apt-get update \
 && rm -rf /var/lib/apt/lists/* \
 && rm -rf /tmp/*
+# Latest version of fixuid: https://github.com/boxboat/fixuid/releases/latest
+ARG FIXUID_VERSION=0.6.0
+
+ARG USER=code
+ARG GROUP=code
+ARG USER_UID=1000
+ARG USER_GID=1000
+ARG TARGETARCH
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN curl -fsSLo /tmp/fixuid.tar.gz "https://github.com/boxboat/fixuid/releases/download/v$FIXUID_VERSION/fixuid-${FIXUID_VERSION}-linux-${TARGETARCH}.tar.gz" \
+ && tar -xf /tmp/fixuid.tar.gz -C /usr/local/bin fixuid \
+ && chown root:root /usr/local/bin/fixuid \
+ && chmod 4755 /usr/local/bin/fixuid \
+ && rm /tmp/fixuid.tar.gz \
+ # Create user and group, and setup fixuid configuration
+ && existing_group="$(getent group "$USER_GID" | cut -d: -f1 || true)" \
+ && if [ -z "$existing_group" ]; then \
+ groupadd --gid "$USER_GID" "$GROUP"; \
+ existing_group="$GROUP"; \
+ fi \
+ && useradd --uid "$USER_UID" --gid "$USER_GID" --create-home "$USER" --shell /bin/bash \
+ && mkdir -p \
+ /etc/fixuid \
+ "/data" \
+ "/config" \
+ "/cache" \
+ && chown -R "$USER_UID":"$USER_GID" \
+ "/data" \
+ "/config" \
+ "/cache" \
+ && cat < /etc/fixuid/config.yml
+user: $USER
+group: $existing_group
+paths:
+ - /var/www
+ - /home/$USER
+ - /data
+ - /config
+ - /cache
+
+EOF
+
 FROM builder AS builder_nodejs
 ARG TARGETARCH
diff --git a/frankenphp/Dockerfile b/frankenphp/Dockerfile
index 2780d78..433d3bd 100644
--- a/frankenphp/Dockerfile
+++ b/frankenphp/Dockerfile
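Review bot: Nothing in the fpm/Dockerfile hunk records that the setuid-root fixuid binary is meant for development images only, although fixuid's own README says it should not be included in production container images. The next stage begins `FROM builder`, so whether this layer reaches a production target depends on stages outside the hunk and cannot be confirmed from here. I would add a comment above the RUN such as `# fixuid is setuid root and intended for dev containers only; keep it out of production targets`, and repeat it in the apache/Dockerfile and frankenphp/Dockerfile hunks.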
@@ -190,6 +190,50 @@ RUN apt-get update \
 && rm -rf /var/lib/apt/lists/* \
 && rm -rf /tmp/*
+# Latest version of fixuid: https://github.com/boxboat/fixuid/releases/latest
+ARG FIXUID_VERSION=0.6.0
+
+ARG USER=code
+ARG GROUP=code
+ARG USER_UID=1000
+ARG USER_GID=1000
+ARG TARGETARCH
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN curl -fsSLo /tmp/fixuid.tar.gz "https://github.com/boxboat/fixuid/releases/download/v$FIXUID_VERSION/fixuid-${FIXUID_VERSION}-linux-${TARGETARCH}.tar.gz" \
+ && tar -xf /tmp/fixuid.tar.gz -C /usr/local/bin fixuid \
+ && chown root:root /usr/local/bin/fixuid \
+ && chmod 4755 /usr/local/bin/fixuid \
+ && rm /tmp/fixuid.tar.gz \
+ # Create user and group, and setup fixuid configuration
+ && existing_group="$(getent group "$USER_GID" | cut -d: -f1 || true)" \
+ && if [ -z "$existing_group" ]; then \
+ groupadd --gid "$USER_GID" "$GROUP"; \
+ existing_group="$GROUP"; \
+ fi \
+ && useradd --uid "$USER_UID" --gid "$USER_GID" --create-home "$USER" --shell /bin/bash \
+ && mkdir -p \
+ /etc/fixuid \
+ "/data" \
+ "/config" \
+ "/cache" \
+ && chown -R "$USER_UID":"$USER_GID" \
+ "/data" \
+ "/config" \
+ "/cache" \
+ && cat < /etc/fixuid/config.yml
+user: $USER
+group: $existing_group
+paths:
+ - /var/www
+ - /home/$USER
+ - /data
+ - /config
+ - /cache
+
+EOF
+
 FROM builder AS builder_nodejs
 ARG TARGETARCH
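Review bot: The group lookup in the frankenphp/Dockerfile hunk tolerates a GID that already exists, but `useradd --uid "$USER_UID"` has no matching check, so overriding `USER_UID` with an id the base image already uses makes the build fail. When the GID does exist, the `GROUP` argument is silently ignored and `existing_group` is written to the fixuid config instead. Both behaviours may be intended, but neither is documented; a comment such as `# GROUP is only used when USER_GID is not already present; USER_UID must be unused in the base image` above the RUN would make the contract explicit. The apache/Dockerfile and fpm/Dockerfile hunks share this block.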