Docker Image enhancement and better CLI support.

[jorgecuesta]

THIS PR INCLUDES BREAKING CHANGES

• Dockerfile now uses app user instead of root

Why?

A few Geo-Mesh users report to POKTscan about an issue with the new image after we adopt the one on the pokt-network/pocket-core repository on the latest RC.

They report that this image is using root as the user which is recommended to be avoided. There are a lot of blogs and documentation about this, here one of them from a well-known docker image user/company.

Also, we detected a few things that could be enhanced on both, entry point and docker context.

The problem with having a public image using root right now is that pocket binary generates folders and files that now belong to the root user, so they will need to modify those permissions to belong to the proper app user and group. To this, I added another optional entry point that could be used once to fix the permission issue and then start the container as before.

Here you can see how to use it with docker-compose or docker

Changes:

• Modifications to Dockerfile allow the container to run as app user instead of root.
• Added a new shell script named fix_permissions.sh to fix ownership issues related to running containers.
• Updated Dockerfile to use this new script.
• Added a .dockerignore file to help maintain a cleaner Docker build context, excluding unnecessary files.
• Modifications to entrypoint.sh allows the user to run all its internal commands with the proper --datadir param. Now properly handle the start command when --keybase=false is sent. Also, allow the user to pass the --datadir as an env variable to omit it on the start command.

[Olshansk]

@okdas Please review this when you're back in office next week and see if any of the learnings / suggestions can transfer over to #495 which we should pick up then as well.

[nodiesBlade]

(Reviewed this on Geomesh branch as well), looks good to me.

[Olshansk]

@okdas PTAL

[Olshansk]

Re-running to make sure this passes but otherwise lgtm:

[okdas]

@Olshansk it is not going to pass because the origin of the PR is a branch from pokt-scan organization which doesn't have permissions to push to our container registry.

[Olshansk]

@okdas Appreciate the context. What do you recommend as the solution here?

For example:

1. We squash & merge as is?
2. Update permissions to allow their org to run CI on our repo?
3. Validate in some other way?
4. Etc?

I understand the risk is low but just looking to you to make a call here.

[okdas]

@Olshansk the workaround would be to open a new PR under pokt-network org, but I don't think we need to do that and should proceed with merging as is. The CI job seems to be failing on the very last step - and the image itself is built successfully.