Gituser143
commented
3 years ago Hi @avLightless thanks for the PR again! I definitely missed the fact that metadata was not being written back.
PS: Don't worry about the docker check failing, I assumed it would only trigger for internal PRs.
As mentioned in my issue, here is a fix for the docker volume permissions. I have tried many things, but in order to keep the app working as a single binary, and to keep the container rootless, this is what I have come up with.
In the dockerfile I set the HOME env to the home folder of our default user. In the run command I specified the -user flag so that the container runs with the user ID and group ID of the host system user. This way the app remains rootless, and GO recognizes and has write access to HOME. I chose not to remove "appuser" as the default user from the dockerfile for two reasons: 1) We would need to create the home folder anyway and 2) this way if the end user runs the container WITHOUT specifying a user, the app still will not run as root, but default to appuser. (Ofcourse then their changes will not be saved.)
Fixes: #24