Merge pull request #172 from ckan/minimise-root-user

Minimise root ownership of application files

README.md

@@ -102,6 +102,10 @@ To build the images:
 
 	docker compose -f docker-compose.dev.yml build
 
+To install extensions from the `src` directory:
+
+	docker compose -f docker-compose.dev.yml run -u root ckan-dev ./install_src.sh
+
 To start the containers:
 
 	docker compose -f docker-compose.dev.yml up
@@ -114,7 +118,7 @@ See [CKAN images](#5-ckan-images) for more details of what happens when using de
 You can use the ckan [extension](https://docs.ckan.org/en/latest/extensions/tutorial.html#creating-a-new-extension) instructions to create a CKAN extension, only executing the command inside the CKAN container and setting the mounted `src/` folder as output:
 
 ```bash
-docker compose -f docker-compose.dev.yml exec ckan-dev ckan generate extension --output-dir /srv/app/src_extensions
+docker compose -f docker-compose.dev.yml exec -u `stat -c '%u' src` -e HOME=/srv/app/src_extensions ckan-dev ckan generate extension --output-dir /srv/app/src_extensions
 ```
 
 ```
@@ -131,11 +135,8 @@ Written: /srv/app/src_extensions/ckanext-mytheme
 
 The new extension files and directories are created in the `/srv/app/src_extensions/` folder in the running container. They will also exist in the local src/ directory as local `/src` directory is mounted as `/srv/app/src_extensions/` on the ckan container.
 
-The files will be owned by root, to correct the ownership so you can edit the files with your normal account outside the container run:
+Please note that you will need to change the stat command to `stat -f '%u' src` on Mac OS rather than `stat -c '%u' src` which is specific to GNU stat (ie: Linux)
 
-```bash
-docker compose -f docker-compose.dev.yml exec ckan-dev chown --reference /srv/app/src_extensions/ -R /srv/app/src_extensions/ckanext-mytheme/
-```
 
 #### Running HTTPS on development mode
 

ckan/Dockerfile

@@ -1,14 +1,16 @@
-FROM ckan/ckan-base:2.11.0
+FROM ckan/ckan-base:2.11
 
 # Install any extensions needed by your CKAN instance
 # See Dockerfile.dev for more details and examples
 
 # Copy custom initialization scripts
-COPY docker-entrypoint.d/* /docker-entrypoint.d/
+COPY --chown=ckan-sys:ckan-sys docker-entrypoint.d/* /docker-entrypoint.d/
 
 # Apply any patches needed to CKAN core or any of the built extensions (not the
 # runtime mounted ones)
-COPY patches ${APP_DIR}/patches
+COPY --chown=ckan-sys:ckan-sys patches ${APP_DIR}/patches
+
+USER ckan
 
 RUN for d in $APP_DIR/patches/*; do \
         if [ -d $d ]; then \

ckan/Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM ckan/ckan-dev:2.11.0
+FROM ckan/ckan-dev:2.11
 
 # Install any extensions needed by your CKAN instance
 # - Make sure to add the plugins to CKAN__PLUGINS in the .env file
@@ -35,11 +35,13 @@ FROM ckan/ckan-dev:2.11.0
 # to get them mounted in this image at runtime
 
 # Copy custom initialization scripts
-COPY docker-entrypoint.d/* /docker-entrypoint.d/
+COPY --chown=ckan-sys:ckan-sys docker-entrypoint.d/* /docker-entrypoint.d/
 
 # Apply any patches needed to CKAN core or any of the built extensions (not the
 # runtime mounted ones)
-COPY patches ${APP_DIR}/patches
+COPY --chown=ckan-sys:ckan-sys patches ${APP_DIR}/patches
+
+USER ckan
 
 RUN for d in $APP_DIR/patches/*; do \
         if [ -d $d ]; then \

docker-compose.dev.yml

@@ -4,6 +4,7 @@ volumes:
   solr_data:
   pip_cache:
   site_packages:
+  local_bin:
   vscode_server:
 
 services:
@@ -26,7 +27,8 @@ services:
       - ckan_storage:/var/lib/ckan
       - ./src:/srv/app/src_extensions
       - pip_cache:/root/.cache/pip
-      - site_packages:/usr/lib/python3.10/site-packages
+      - site_packages:/usr/local/lib/python3.10/site-packages
+      - local_bin:/usr/local/bin
       - vscode_server:/root/.vscode-server
     restart: unless-stopped
     healthcheck: