feat(docker): simplify docker compose for end users (#96)

* feat(docker): simplify docker compose for end users

The previous docker-compose requires end user to manually handle
permissions of taskchampion data dir. And this commit has directories
automatically set up in docker-entrypoint.sh, just like what
postgresql did in https://github.com/docker-library/postgres/blob/master/docker-entrypoint.sh

* fix(docker): revert to anonymous data volume for compatibility

* feat: use uid 1092 for taskchampion

* fix(docker): revert mkdir

This is embarrassing that subpaths are not automatically created.

So we still need mkdir service in case of anonymous data volume.

* fix(docker): typo

.dockerignore

@@ -0,0 +1,7 @@
+*
+!Cargo.toml
+!Cargo.lock
+!core/
+!server/
+!sqlite/
+!docker-entrypoint.sh

Dockerfile

@@ -1,19 +1,25 @@
 # Versions must be major.minor
-ARG RUST_VERSION
+# Default versions are as below
-ARG ALPINE_VERSION
+ARG RUST_VERSION=1.78
+ARG ALPINE_VERSION=3.19
 
 FROM docker.io/rust:${RUST_VERSION}-alpine${ALPINE_VERSION} AS builder
-COPY . /data
+COPY Cargo.lock Cargo.toml /data/
+COPY core /data/core/
+COPY server /data/server/
+COPY sqlite /data/sqlite/
 RUN apk -U add libc-dev && \
   cd /data && \
   cargo build --release
 
 FROM docker.io/alpine:${ALPINE_VERSION}
 COPY --from=builder /data/target/release/taskchampion-sync-server /bin
-RUN adduser -S -D -H -h /var/lib/taskchampion-sync-server -s /sbin/nologin -G users \
+RUN apk add --no-cache su-exec && \
+  adduser -u 1092 -S -D -H -h /var/lib/taskchampion-sync-server -s /sbin/nologin -G users \
   -g taskchampion taskchampion && \
-  install -d -m755 -o100 -g100 "/var/lib/taskchampion-sync-server"
+  install -d -m1755 -o1092 -g1092 "/var/lib/taskchampion-sync-server"
 EXPOSE 8080
-VOLUME "/var/lib/taskchampion-sync-server"
+VOLUME /var/lib/task-champion-sync-server/data
-USER taskchampion
+COPY docker-entrypoint.sh /bin
-ENTRYPOINT [ "taskchampion-sync-server" ]
+ENTRYPOINT [ "/bin/docker-entrypoint.sh" ]
+CMD [ "/bin/taskchampion-sync-server" ]

docker-compose.yml

@@ -1,16 +1,13 @@
 volumes:
   data:
 
+
 services:
-  # Make the necessary subdirectories of the `data` volume, and set ownership of the
-  # `tss/taskchampion-sync-server` directory, as the server runs as user 100.
   mkdir:
     image: caddy:2-alpine
     command: |
       /bin/sh -c "
-        mkdir -p /data/caddy/data /data/caddy/config /data/tss/taskchampion-sync-server &&
+      mkdir -p /data/caddy/data /data/caddy/config /data/tss/taskchampion-sync-server"
-        chown -R 100:100 /data/tss/taskchampion-sync-server
-      "
     volumes:
       - type: volume
         source: data
@@ -48,18 +45,18 @@ services:
   tss:
     image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server:0.5.0
     restart: unless-stopped
+    environment:
+      - "RUST_LOG=info"
+      - "DATA_DIR=/var/lib/taskchampion-sync-server/data"
+      - "LISTEN=0.0.0.0:8080"
     volumes:
       - type: volume
         source: data
-        target: /tss
+        target: /var/lib/taskchampion-sync-server/data
         read_only: false
         volume:
           nocopy: true
-          subpath: tss
+          subpath: tss/taskchampion-sync-server
-    environment:
-      - "RUST_LOG=info"
-      - "DATA_DIR=/tss/taskchampion-sync-server"
-      - "LISTEN=0.0.0.0:8080"
     depends_on:
       mkdir:
         condition: service_completed_successfully

docker-entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+echo "starting entrypoint script..."
+if [ "$1" = "/bin/taskchampion-sync-server" ]; then
+    echo "setting data directories"
+    mkdir -p "/var/lib/taskchampion-sync-server/data"
+    chown -R 1092:1092 "/var/lib/taskchampion-sync-server/data"
+    chmod -R 700 "/var/lib/taskchampion-sync-server/data"
+    if [ "$(id -u)" = "0" ]; then
+        echo "switching to user 'taskchampion'"
+        exec su-exec taskchampion "$@"
+    fi
+fi