Merge pull request #3168 from cisagov/dk/3166-node-permissions-fix

#3166: Fix for node container permissions bug

src/docker-compose.yml

@@ -85,6 +85,7 @@ services:
     volumes:
       - .:/app
     working_dir: /app
+    entrypoint: /app/node_entrypoint.sh
     stdin_open: true
     tty: true
     command: ./run_node_watch.sh

src/node.Dockerfile

@@ -1,9 +1,9 @@
 FROM docker.io/cimg/node:current-browsers
 WORKDIR /app
 
+USER root
+
 # Install app dependencies
 # A wildcard is used to ensure both package.json AND package-lock.json are copied
 # where available (npm@5+)
-COPY --chown=circleci:circleci package*.json ./
-
-RUN npm install
+COPY --chown=circleci:circleci package*.json ./

src/node_entrypoint.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Get UID and GID of the /app directory owner
+HOST_UID=$(stat -c '%u' /app)
+HOST_GID=$(stat -c '%g' /app)
+
+# Check if the circleci user exists
+if id "circleci" &>/dev/null; then
+  echo "circleci user exists. Updating UID and GID to match host UID:GID ($HOST_UID:$HOST_GID)"
+
+  # Update circleci user's UID and GID
+  groupmod -g "$HOST_GID" circleci
+  usermod -u "$HOST_UID" circleci
+
+  echo "Updating ownership of /app recursively to circleci:circleci"
+  chown -R circleci:circleci /app
+
+  # Switch to circleci user and execute the command
+  echo "Switching to circleci user and running command: $@"
+  su -s /bin/bash -c "$*" circleci
+else
+  echo "circleci user does not exist. Running command as the current user."
+  exec "$@"
+fi

src/run_node_watch.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+
 npm install
 npm rebuild
 dir=./registrar/assets