nocci/free-games-claimer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

docker: user fgc instead of root, fixes #468, how to deal with existing volumes?

Browse source
This commit is contained in:
Ralf Vogler 2025-05-25 21:57:36 +02:00
parent a2e1ef60e6
commit fdbd71ef0d
2 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Dockerfile
View file

@ -52,7 +52,15 @@ RUN ln -s /usr/share/novnc/vnc_auto.html /usr/share/novnc/index.html
RUN pip install --no-cache-dir apprise
WORKDIR /fgc
COPY package*.json ./
# add user fgc to not run the application as root in the end
ARG USER=fgc
RUN useradd -ms /bin/bash fgc
# adjust permissions, otherwise can only read /fgc/data, but not write
# normally this would be mounted, but since this only happens later we need to create /fgc/data first
# also need to chown ., otherwise we can't create node_modules inside as fgc
RUN mkdir data && chown -R fgc:fgc .
USER fgc
COPY --chown=fgc:fgc package*.json ./
# Playwright installs patched firefox to ~/.cache/ms-playwright/firefox-*
# Requires some system deps to run (see inlined install-deps above).
@ -61,7 +69,7 @@ RUN npm install
# From 1.38 Playwright will no longer install browser automatically for playwright, but apparently still for playwright-firefox: https://github.com/microsoft/playwright/releases/tag/v1.38.0
# RUN npx playwright install firefox
COPY . .
COPY --chown=fgc:fgc . .
# Shell scripts need Linux line endings. On Windows, git might be configured to check out dos/CRLF line endings, so we convert them for those people in case they want to build the image. They could also use --config core.autocrlf=input
RUN dos2unix ./*.sh && chmod +x ./*.sh

3
docker-entrypoint.sh
View file

@ -36,9 +36,10 @@ rm -f /tmp/.X1-lock
# Options passed directly to the Xvfb server:
# -ac disables host-based access control mechanisms
# screen NUM WxHxD creates the screen and sets its width, height, and depth
# -nolisten unix tells the server not to use Unix domain sockets, thus avoiding the need to create /tmp/.X11-unix
export DISPLAY=:1 # need to export this, otherwise playwright complains with 'Looks like you launched a headed browser without having a XServer running.'
Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" &
Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" -nolisten unix &
echo "Xvfb display server created screen with resolution ${WIDTH}x${HEIGHT}"
if [ -z "$VNC_PASSWORD" ]; then
pw="-nopw"