From 46bc60351c69130902552216deb58c7ed9d8700e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emmanuel=20BENO=C3=8ET?= Date: Fri, 3 Jan 2025 23:53:54 +0100 Subject: [PATCH] fix: actually run the backend as a non-root user --- docker/Dockerfile.application | 5 ++++- docker/backend-entrypoint.sh | 2 +- docker/compose.yml | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile.application b/docker/Dockerfile.application index e6e88aa..5c80114 100644 --- a/docker/Dockerfile.application +++ b/docker/Dockerfile.application @@ -12,12 +12,15 @@ USER $BUILD_UID WORKDIR $BUILD RUN --mount=type=cache,target=$MAVEN_HOME/.m2,uid=$BUILD_UID \ mvn -e -Duser.home=$MAVEN_HOME package +USER 0 +RUN chown -R root $BUILD FROM openjdk:7u211-jre-alpine AS backend RUN < $*" - if /app/entrypoint.sh tool "$*" + if /app/entrypoint.sh tool $* then touch state/init-$stage else diff --git a/docker/compose.yml b/docker/compose.yml index 5eaf8a0..a3083ea 100644 --- a/docker/compose.yml +++ b/docker/compose.yml @@ -25,6 +25,7 @@ services: dockerfile: docker/Dockerfile.application target: backend restart: always + user: "1000" volumes: - init-state:/app/state environment:
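Review bot: `RUN chown -R root $BUILD` changes only the owning user, so group ownership and mode bits stay as the build user left them, and anything group- or world-writable in the tree stays writable once the backend runs as a non-root uid. If the intent is that the runtime user cannot modify the built artefacts, consider `RUN chown -R root:root "$BUILD" && chmod -R go-w "$BUILD"`, which also quotes the path. A one-line comment above `USER 0` saying why the build stage switches back to root would help the next reader. The rest of this hunk (the backend stage's `RUN` heredoc) is not readable on this page, so the third added line could not be reviewed.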
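Review bot: The new call `/app/entrypoint.sh tool $*` is unquoted, so every argument is re-split on whitespace and any `*`, `?` or `[` in it is expanded against the working directory before the tool sees it. `"$@"` passes the arguments through one-for-one: `if /app/entrypoint.sh tool "$@"`. That fixes the single-word problem of the old `"$*"` without introducing word splitting or globbing. The enclosing function starts before the visible part of this hunk, so how the arguments are assembled was not checked.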
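Review bot: `user: "1000"` sets only the uid; when the image has no passwd entry for that uid, Docker starts the process with gid 0, so the backend would still hold root-group permissions on any group-writable file. Writing `user: "1000:1000"` pins both ids. The `init-state` volume mounted at `/app/state` also has to be writable by that uid: a volume already populated by an earlier root-run container keeps its root ownership, and the entrypoint's `touch state/init-$stage` would presumably fail there, so an upgrade note or a one-off chown of the volume is worth adding. The service definition continues outside the hunk.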