From 4184a06a4250a3d8a13327e9a62157a51b42043e Mon Sep 17 00:00:00 2001
From: George <31376482+george-gca@users.noreply.github.com>
Date: Wed, 23 Oct 2024 11:35:04 -0300
Subject: [PATCH] Added commented code about docker permissions, organized
 Dockerfile (#2801)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I am currently testing out docker in a remote lab environment where
docker was configured in a way that it can't run as root, causing some
permission issues. The solution I could find was to add these changes
(commented by default) to these files and fill the specifics so it could
run as it was your user running the code.

Signed-off-by: George Araújo <george.gcac@gmail.com>
---
 Dockerfile         | 67 +++++++++++++++++++++++++++++++++-------------
 docker-compose.yml |  9 +++++++
 2 files changed, 58 insertions(+), 18 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0378ba3..c131f26 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,44 +1,75 @@
 FROM ruby:latest
 
+# uncomment these if you are having this issue with the build:
+# /usr/local/bundle/gems/jekyll-4.3.4/lib/jekyll/site.rb:509:in `initialize': Permission denied @ rb_sysopen - /srv/jekyll/.jekyll-cache/.gitignore (Errno::EACCES)
+# ARG GROUPID=901
+# ARG GROUPNAME=ruby
+# ARG USERID=901
+# ARG USERNAME=jekyll
+
 ENV DEBIAN_FRONTEND noninteractive
 
-Label MAINTAINER Amir Pourmand
+LABEL authors="Amir Pourmand,George Araújo" \
+      description="Docker image for al-folio academic template" \
+      maintainer="Amir Pourmand"
 
-RUN apt-get update -y && apt-get install -y --no-install-recommends \
-    locales \
-    nodejs npm \
-    imagemagick \
-    build-essential \
-    zlib1g-dev \
-    python3-pip \
-    inotify-tools procps && \
-    apt-get clean && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/* && \
-    pip install nbconvert --break-system-packages
+# uncomment these if you are having this issue with the build:
+# /usr/local/bundle/gems/jekyll-4.3.4/lib/jekyll/site.rb:509:in `initialize': Permission denied @ rb_sysopen - /srv/jekyll/.jekyll-cache/.gitignore (Errno::EACCES)
+# add a non-root user to the image with a specific group and user id to avoid permission issues
+# RUN groupadd -r $GROUPNAME -g $GROUPID && \
+#     useradd -u $USERID -m -g $GROUPNAME $USERNAME
 
+# install system dependencies
+RUN apt-get update -y && \
+    apt-get install -y --no-install-recommends \
+        build-essential \
+        curl \
+        imagemagick \
+        inotify-tools \
+        locales \
+        nodejs \
+        procps \
+        python3-pip \
+        zlib1g-dev && \
+    pip --no-cache-dir install --upgrade --break-system-packages nbconvert
 
+# clean up
+RUN apt-get clean && \
+    apt-get autoremove && \
+    rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*  /tmp/*
+
+# set the locale
 RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
     locale-gen
 
-
-ENV LANG=en_US.UTF-8 \
+# set environment variables
+ENV EXECJS_RUNTIME=Node \
+    JEKYLL_ENV=production \
+    LANG=en_US.UTF-8 \
     LANGUAGE=en_US:en \
-    LC_ALL=en_US.UTF-8 \
-    JEKYLL_ENV=production
+    LC_ALL=en_US.UTF-8
 
+# create a directory for the jekyll site
 RUN mkdir /srv/jekyll
 
+# copy the Gemfile and Gemfile.lock to the image
 ADD Gemfile.lock /srv/jekyll
 ADD Gemfile /srv/jekyll
 
+# set the working directory
 WORKDIR /srv/jekyll
 
 # install jekyll and dependencies
-RUN gem install jekyll bundler
-
+RUN gem install --no-document jekyll bundler
 RUN bundle install --no-cache
-# && rm -rf /var/lib/gems/3.1.0/cache
+
 EXPOSE 8080
 
 COPY bin/entry_point.sh /tmp/entry_point.sh
 
+# uncomment this if you are having this issue with the build:
+# /usr/local/bundle/gems/jekyll-4.3.4/lib/jekyll/site.rb:509:in `initialize': Permission denied @ rb_sysopen - /srv/jekyll/.jekyll-cache/.gitignore (Errno::EACCES)
+# set the ownership of the jekyll site directory to the non-root user
+# USER $USERNAME
+
 CMD ["/tmp/entry_point.sh"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 961cf0c..426a9a5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,6 +3,15 @@ services:
   jekyll:
     image: amirpourmand/al-folio:v0.12.0
     build: .
+    # uncomment these if you are having this issue with the build:
+    # /usr/local/bundle/gems/jekyll-4.3.4/lib/jekyll/site.rb:509:in `initialize': Permission denied @ rb_sysopen - /srv/jekyll/.jekyll-cache/.gitignore (Errno::EACCES)
+    # and fill the args values with the output of the commands on the right
+    # build:
+    #   args:
+    #     GROUPID: # id -g
+    #     GROUPNAME: # id -gn
+    #     USERID: # id -u
+    #     USERNAME: # echo $USER
     ports:
       - 8080:8080
       - 35729:35729