feat: enhance Dockerfile and entrypoint for user permissions and environment variable handling

docker/entrypoint.sh

@@ -3,27 +3,50 @@ set -eu
 
 DATA_DIR="${DATA_DIR:-/data}"
 SCHEMA_PATH="./prisma/schema.prisma"
+PUID="${PUID:-}"
+PGID="${PGID:-$PUID}"
 
-# ensure data dir exists and is writable
 mkdir -p "$DATA_DIR"
 chmod 0775 "$DATA_DIR" || true
 
-# ensure DATABASE_URL is set to the runtime DATA_DIR
 : "${DATABASE_URL:=file:${DATA_DIR}/sqlite.db}"
 export DATABASE_URL
 
-# create sqlite file if missing
 SQLITE_DB_PATH="${DATA_DIR}/sqlite.db"
 if [ ! -f "$SQLITE_DB_PATH" ]; then
   touch "$SQLITE_DB_PATH"
   chmod 0664 "$SQLITE_DB_PATH" || true
 fi
 
-# run non-interactive migrations if CLI available
+# run migrations if prisma CLI available
 if command -v npx >/dev/null 2>&1 && [ -f "$SCHEMA_PATH" ]; then
   echo "Running prisma migrate deploy..."
   npx prisma migrate deploy --schema="$SCHEMA_PATH" || echo "prisma migrate deploy failed or no migrations to apply"
 fi
 
-# exec main process
+# If root and numeric PUID supplied, create/reuse group by GID then create user and chown
+if [ "$(id -u)" = "0" ] && [ -n "$PUID" ]; then
+  # try find an existing group with this GID
+  existing_group="$(getent group | awk -F: -v gid="$PGID" '$3==gid{print $1; exit}')"
+  if [ -n "$existing_group" ]; then
+    grp="$existing_group"
+  else
+    grp="appgroup"
+    addgroup -g "${PGID}" "$grp" 2>/dev/null || true
+  fi
+
+  if ! id -u app >/dev/null 2>&1; then
+    adduser -D -u "${PUID}" -G "$grp" -s /bin/sh app 2>/dev/null || true
+  fi
+
+  # ensure runtime paths writable by numeric ids
+  chown -R "${PUID}:${PGID}" "$DATA_DIR" /app/backend /app/frontend/dist 2>/dev/null || true
+
+  # drop privileges and run command
+  echo "Running as user: "${PUID}""
+  echo "Running as group: "${PGID}""
+  exec su-exec "${PUID}:${PGID}" "$@"
+fi
+
+# otherwise run as current user
 exec "$@"