fix: actually run the backend as a non-root user

docker/Dockerfile.application

@@ -12,12 +12,15 @@ USER $BUILD_UID
 WORKDIR $BUILD
 RUN --mount=type=cache,target=$MAVEN_HOME/.m2,uid=$BUILD_UID \
 	mvn -e -Duser.home=$MAVEN_HOME package
+USER 0
+RUN chown -R root $BUILD
 
 FROM openjdk:7u211-jre-alpine AS backend
 RUN <<EOF
 	set -e
 	mkdir -p /app/state
-	chown -R 1000 /app/state
+	touch /app/data-source.xml
+	chown -R 1000 /app/state /app/data-source.xml
 EOF
 COPY --from=build /src/legacyworlds-server/legacyworlds-server-main/target/*.jar /app/server.jar
 COPY --from=build /src/legacyworlds-server/legacyworlds-server-main/target/lib /app/lib

docker/backend-entrypoint.sh

@@ -8,7 +8,7 @@ run_init_command() {
 	if ! [ -f state/init-$stage ]; then
 		echo "Running initialization stage $stage"
 		echo " --> $*"
-		if /app/entrypoint.sh tool "$*"
+		if /app/entrypoint.sh tool $*
 		then
 			touch state/init-$stage
 		else

docker/compose.yml

@@ -25,6 +25,7 @@ services:
       dockerfile: docker/Dockerfile.application
       target: backend
     restart: always
+    user: "1000"
     volumes:
       - init-state:/app/state
     environment: