Set Docker permissions during the build process (#6514)

* Set Docker permissions during the build process

* Remove docker_entrypoint.sh and use COPY with chown

Dockerfile

@@ -3,8 +3,10 @@ FROM ruby:2.5.0-alpine3.7
 LABEL maintainer="https://github.com/tootsuite/mastodon" \
       description="A GNU Social-compatible microblogging server"
 
-ENV UID=991 GID=991 \
+ARG UID=991
-    RAILS_SERVE_STATIC_FILES=true \
+ARG GID=991
+
+ENV RAILS_SERVE_STATIC_FILES=true \
     RAILS_ENV=production NODE_ENV=production
 
 ARG YARN_VERSION=1.3.2
@@ -68,12 +70,12 @@ RUN bundle config build.nokogiri --with-iconv-lib=/usr/local/lib --with-iconv-in
  && yarn --pure-lockfile \
  && yarn cache clean
 
-COPY . /mastodon
+RUN addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon
 
-COPY docker_entrypoint.sh /usr/local/bin/run
+COPY --chown=${UID}:${GID} . /mastodon
-
-RUN chmod +x /usr/local/bin/run
 
 VOLUME /mastodon/public/system /mastodon/public/assets /mastodon/public/packs
 
-ENTRYPOINT ["/usr/local/bin/run"]
+USER mastodon
+
+ENTRYPOINT ["/sbin/tini", "--"]

docker_entrypoint.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-### 1. Adds local user (UID and GID are provided from environment variables).
-### 2. Updates permissions, except for ./public/system (should be chown on previous installations).
-### 3. Executes the command as that user.
-
-echo "Creating mastodon user (UID : ${UID} and GID : ${GID})..."
-addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon
-
-echo "Updating permissions..."
-find /mastodon -path /mastodon/public/system -prune -o -not -user mastodon -not -group mastodon -print0 | xargs -0 chown -f mastodon:mastodon
-
-echo "Executing process..."
-exec su-exec mastodon:mastodon /sbin/tini -- "$@"