From 969c9f7a307425497e1368900f30e0d52722614a Mon Sep 17 00:00:00 2001
From: ucan-lab <35098175+ucan-lab@users.noreply.github.com>
Date: Tue, 20 Aug 2024 10:06:59 +0900
Subject: [PATCH] Create a non-root user in the ENTRYPOINT

---
 Makefile                       |  5 ++++-
 README.md                      | 22 ++++++++++------------
 Taskfile.yml                   |  1 +
 compose-for-linux.yaml         |  8 ++++++++
 compose.yaml                   |  3 ---
 infra/docker/php/Dockerfile    | 23 +++++------------------
 infra/docker/php/entrypoint.sh | 25 +++++++++++++++++++++++++
 7 files changed, 53 insertions(+), 34 deletions(-)
 create mode 100644 compose-for-linux.yaml
 create mode 100644 infra/docker/php/entrypoint.sh

diff --git a/Makefile b/Makefile
index 6dd0dd03..c65edeb9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,7 @@
 for-linux-env:
 	echo "UID=$$(id -u)" >> .env
 	echo "GID=$$(id -g)" >> .env
+	echo "USERNAME=$$(whoami)" >> .env
 install:
 	@make build
 	@make up
@@ -11,7 +12,7 @@ install:
 	docker compose exec app chmod -R 777 storage bootstrap/cache
 	@make fresh
 create-project:
-	mkdir src
+	mkdir src -p
 	docker compose build
 	docker compose up -d
 	docker compose exec app composer create-project --prefer-dist laravel/laravel .
@@ -23,6 +24,8 @@ build:
 	docker compose build
 up:
 	docker compose up --detach
+up-for-linux:
+	docker compose --file compose.yaml --file compose-for-linux.yaml up --detach
 stop:
 	docker compose stop
 down:
diff --git a/README.md b/README.md
index a1795850..5457ae52 100644
--- a/README.md
+++ b/README.md
@@ -22,22 +22,21 @@ Build a simple laravel development environment with Docker Compose. Support with
 3. Execute the following command
 
 ```bash
-$ task for-linux-env # Linux environment only
 $ task create-project
 
 # or...
 
-$ make for-linux-env # Linux environment only
 $ make create-project
 
-# or...
+# or... Linux environment
 
-$ echo "UID=$(id -u)" >> .env # Linux environment only
-$ echo "GID=$(id -g)" >> .env # Linux environment only
+$ echo "UID=$(id -u)" >> .env
+$ echo "GID=$(id -g)" >> .env
+$ echo "USERNAME=$(whoami)" >> .env
 
 $ mkdir -p src
 $ docker compose build
-$ docker compose up -d
+$ docker compose --file compose.yaml --file compose-for-linux.yaml up --detach
 $ docker compose exec app composer create-project --prefer-dist laravel/laravel .
 $ docker compose exec app php artisan key:generate
 $ docker compose exec app php artisan storage:link
@@ -53,21 +52,20 @@ http://localhost
 2. Execute the following command
 
 ```bash
-$ task for-linux-env # Linux environment only
 $ task install
 
 # or...
 
-$ make for-linux-env # Linux environment only
 $ make install
 
-# or...
+# or... Linux environment
 
-$ echo "UID=$(id -u)" >> .env # Linux environment only
-$ echo "GID=$(id -g)" >> .env # Linux environment only
+$ echo "UID=$(id -u)" >> .env
+$ echo "GID=$(id -g)" >> .env
+$ echo "USERNAME=$(whoami)" >> .env
 
 $ docker compose build
-$ docker compose up -d
+$ docker compose --file compose.yaml --file compose-for-linux.yaml up --detach
 $ docker compose exec app composer install
 $ docker compose exec app cp .env.example .env
 $ docker compose exec app php artisan key:generate
diff --git a/Taskfile.yml b/Taskfile.yml
index e546a5d9..7354df40 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -5,6 +5,7 @@ tasks:
     cmds:
       - echo "UID=$(id -u)" >> .env
       - echo "GID=$(id -g)" >> .env
+      - echo "USERNAME=$(whoami)" >> .env
 
   install:
     cmds:
diff --git a/compose-for-linux.yaml b/compose-for-linux.yaml
new file mode 100644
index 00000000..0f01de11
--- /dev/null
+++ b/compose-for-linux.yaml
@@ -0,0 +1,8 @@
+services:
+  app:
+    entrypoint: ["/usr/local/bin/entrypoint.sh"]
+    command: ["php-fpm"]
+    environment:
+      - UID=${UID}
+      - GID=${GID}
+      - USERNAME=${USERNAME}
diff --git a/compose.yaml b/compose.yaml
index 696d5929..7e0cda13 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -6,9 +6,6 @@ services:
     build:
       context: .
       dockerfile: ./infra/docker/php/Dockerfile
-      args:
-        UID: ${UID:-1000}
-        GID: ${GID:-1000}
       target: ${APP_BUILD_TARGET:-development}
     volumes:
       - type: bind
diff --git a/infra/docker/php/Dockerfile b/infra/docker/php/Dockerfile
index 7b081877..46b5b92c 100644
--- a/infra/docker/php/Dockerfile
+++ b/infra/docker/php/Dockerfile
@@ -11,9 +11,6 @@ ENV TZ=UTC \
   # composer environment
   COMPOSER_HOME=/composer
 
-ARG UID=1000
-ARG GID=1000
-
 COPY --from=composer:2.7 /usr/bin/composer /usr/bin/composer
 
 # hadolint ignore=DL3008
@@ -26,7 +23,8 @@ RUN <<EOF
     libzip-dev \
     libicu-dev \
     libonig-dev \
-    default-mysql-client
+    default-mysql-client \
+    gosu
   locale-gen en_US.UTF-8
   localedef -f UTF-8 -i en_US en_US.UTF-8
   docker-php-ext-install \
@@ -34,24 +32,17 @@ RUN <<EOF
     pdo_mysql \
     zip \
     bcmath
-  # permission denied bind mount in Linux environment
-  groupadd --gid $GID phper
-  useradd --uid $UID --gid $GID phper
   mkdir /composer
-  mkdir -p /home/phper/.config/psysh
-  chown phper:phper /composer
-  chown phper:phper /workspace
-  chown phper:phper /home/phper/.config/psysh
   apt-get clean
   rm -rf /var/lib/apt/lists/*
 EOF
 
+COPY --chmod=755 ./infra/docker/php/entrypoint.sh /usr/local/bin/entrypoint.sh
+
 FROM base AS development
 
 COPY ./infra/docker/php/php.development.ini /usr/local/etc/php/php.ini
 
-USER phper
-
 FROM base AS development-xdebug
 
 RUN <<EOF
@@ -61,14 +52,10 @@ EOF
 
 COPY ./infra/docker/php/xdebug.ini /usr/local/etc/php/conf.d/xdebug.ini
 
-USER phper
-
 FROM base AS deploy
 
 COPY ./infra/docker/php/php.deploy.ini /usr/local/etc/php/php.ini
-COPY --chown=phper:phper ./src /workspace
-
-USER phper
+COPY ./src /workspace
 
 RUN <<EOF
   composer install --quiet --no-interaction --no-ansi --no-dev --no-scripts --no-progress --prefer-dist
diff --git a/infra/docker/php/entrypoint.sh b/infra/docker/php/entrypoint.sh
new file mode 100644
index 00000000..41d5ce4f
--- /dev/null
+++ b/infra/docker/php/entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+UID=${UID}
+GID=${GID}
+USERNAME=${USERNAME}
+
+echo "Starting with UID: $UID, GID: $GID, USERNAME: $USERNAME"
+
+useradd -u "$UID" -o -m "$USERNAME"
+groupmod -g "$GID" "$USERNAME"
+
+mkdir -p /home/"$USERNAME"/.config/psysh
+chown "$USERNAME":"$USERNAME" /home/"$USERNAME"/.config/psysh
+chown "$USERNAME":"$USERNAME" /composer
+chown "$USERNAME":"$USERNAME" /workspace
+
+export HOME=/home/"$USERNAME"
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+	set -- php-fpm "$@"
+fi
+
+exec gosu "$USERNAME" "$@"