docker: Add support for UID:GID

Adds support for the UID/GID env variables in Docker via `gosu`.

.github/workflows/Dockerfile.ci

@@ -56,13 +56,12 @@ ENV UID=1000
 ENV GID=1000
 ENV USER=lldap
 RUN apt update && \
-    apt install -y --no-install-recommends tini ca-certificates && \
+    apt install -y --no-install-recommends tini ca-certificates gosu && \
     apt clean && \
     rm -rf /var/lib/apt/lists/* && \
     groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER
 COPY --from=lldap --chown=$CONTAINERUSER:$CONTAINERUSER /lldap /app
 COPY --from=lldap --chown=$CONTAINERUSER:$CONTAINERUSER /docker-entrypoint.sh /docker-entrypoint.sh
 WORKDIR /app
-USER $USER
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 CMD ["run", "--config-file", "/data/lldap_config.toml"]

.github/workflows/Dockerfile.ci.alpine

@@ -56,7 +56,8 @@ WORKDIR /app
 ENV UID=1000
 ENV GID=1000
 ENV USER=lldap
-RUN apk add --no-cache tini ca-certificates bash && \
+RUN echo http://mirror.math.princeton.edu/pub/alpinelinux/edge/testing/ >> /etc/apk/repositories && \
+    apk add --no-cache tini ca-certificates bash gosu && \
     addgroup -g $GID $USER && \
     adduser \
     --disabled-password \
@@ -69,6 +70,5 @@ RUN apk add --no-cache tini ca-certificates bash && \
 COPY --from=lldap --chown=$CONTAINERUSER:$CONTAINERUSER /lldap /app
 COPY --from=lldap --chown=$CONTAINERUSER:$CONTAINERUSER /docker-entrypoint.sh /docker-entrypoint.sh
 WORKDIR /app
-USER $USER
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 CMD ["run", "--config-file", "/data/lldap_config.toml"]

docker-entrypoint.sh

@@ -35,4 +35,13 @@ if [[ ! -r "$CONFIG_FILE" ]]; then
   exit 1;
 fi
 
-exec /app/lldap "$@"
+echo "> Setup permissions.."
+find /app \! -user "$UID" -exec chown "$UID:$GID" '{}' +
+find /data \! -user "$UID" -exec chown "$UID:$GID" '{}' +
+
+
+echo "> Starting lldap.."
+echo ""
+exec gosu "$UID:$GID" /app/lldap "$@"
+
+exec "$@"