mikkel/nexus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1923 from radiusred/fix/docker-volumes

Browse source 
fix(docker): remap container UID/GID at runtime to avoid volume mount permission errors
This commit is contained in:
Dotta 2026-03-31 08:46:27 -05:00 committed by GitHub
commit ebc6888e7d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 46 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
Dockerfile
View file

@ -1,9 +1,17 @@
FROM node:lts-trixie-slim AS base FROM node:lts-trixie-slim AS base
ARG USER_UID=1000
ARG USER_GID=1000
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates curl git \ && apt-get install -y --no-install-recommends ca-certificates curl git gosu \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN corepack enable RUN corepack enable
# Modify the existing node user/group to have the specified UID/GID to match host user
RUN usermod -u $USER_UID --non-unique node \
&& groupmod -g $USER_GID --non-unique node \
&& usermod -g $USER_GID -d /paperclip node
FROM base AS deps FROM base AS deps
WORKDIR /app WORKDIR /app
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml .npmrc ./ COPY package.json pnpm-workspace.yaml pnpm-lock.yaml .npmrc ./
@ -35,12 +43,17 @@ RUN pnpm --filter @paperclipai/server build
RUN test -f server/dist/index.js || (echo "ERROR: server build output missing" && exit 1) RUN test -f server/dist/index.js || (echo "ERROR: server build output missing" && exit 1)
FROM base AS production FROM base AS production
ARG USER_UID=1000
ARG USER_GID=1000
WORKDIR /app WORKDIR /app
COPY --chown=node:node --from=build /app /app COPY --chown=node:node --from=build /app /app
RUN npm install --global --omit=dev @anthropic-ai/claude-code@latest @openai/codex@latest opencode-ai \ RUN npm install --global --omit=dev @anthropic-ai/claude-code@latest @openai/codex@latest opencode-ai \
&& mkdir -p /paperclip \ && mkdir -p /paperclip \
&& chown node:node /paperclip && chown node:node /paperclip
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
ENV NODE_ENV=production \ ENV NODE_ENV=production \
HOME=/paperclip \ HOME=/paperclip \
HOST=0.0.0.0 \ HOST=0.0.0.0 \
@ -48,6 +61,8 @@ ENV NODE_ENV=production \
SERVE_UI=true \ SERVE_UI=true \
PAPERCLIP_HOME=/paperclip \ PAPERCLIP_HOME=/paperclip \
PAPERCLIP_INSTANCE_ID=default \ PAPERCLIP_INSTANCE_ID=default \
USER_UID=${USER_UID} \
USER_GID=${USER_GID} \
PAPERCLIP_CONFIG=/paperclip/instances/default/config.json \ PAPERCLIP_CONFIG=/paperclip/instances/default/config.json \
PAPERCLIP_DEPLOYMENT_MODE=authenticated \ PAPERCLIP_DEPLOYMENT_MODE=authenticated \
PAPERCLIP_DEPLOYMENT_EXPOSURE=private PAPERCLIP_DEPLOYMENT_EXPOSURE=private
@ -55,5 +70,5 @@ ENV NODE_ENV=production \
VOLUME ["/paperclip"] VOLUME ["/paperclip"]
EXPOSE 3100 EXPOSE 3100
USER node ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["node", "--import", "./server/node_modules/tsx/dist/loader.mjs", "server/dist/index.js"] CMD ["node", "--import", "./server/node_modules/tsx/dist/loader.mjs", "server/dist/index.js"]

29
docker-entrypoint.sh Normal file
View file

@ -0,0 +1,29 @@
#!/bin/sh
set -e
# Capture runtime UID/GID from environment variables, defaulting to 1000
PUID=${USER_UID:-1000}
PGID=${USER_GID:-1000}
# Adjust the node user's UID/GID if they differ from the runtime request
# and fix volume ownership only when a remap is needed
changed=0
if [ "$(id -u node)" -ne "$PUID" ]; then
echo "Updating node UID to $PUID"
usermod -o -u "$PUID" node
changed=1
fi
if [ "$(id -g node)" -ne "$PGID" ]; then
echo "Updating node GID to $PGID"
groupmod -o -g "$PGID" node
usermod -g "$PGID" node
changed=1
fi
if [ "$changed" = "1" ]; then
chown -R node:node /paperclip
fi
exec gosu node "$@"