The agent container runs as root but the bind-mounted instance directory is owned by the host user (UID 1000 = `node` in the container). Modern git refuses to operate on such repos without an explicit safe.directory entry, breaking upgrade-check.sh's `git fetch/log` calls on source-installed tenants. Verified empirically on soroush after the previous fix landed. Bunker Admin
# Build stage: installs the full dependency tree (dev dependencies included)
# and compiles the TypeScript sources. Where the compiler writes its output is
# decided by tsconfig.json, not by this file.
FROM node:20-alpine AS builder

# git is installed before dependencies are resolved.
# NOTE(review): presumably needed by `npm ci` for git-hosted dependencies;
# confirm against package.json, and drop it from this stage if unused.
RUN apk add --no-cache git

WORKDIR /app

# Manifests are copied on their own so the dependency layer is rebuilt only
# when they change, not on every source edit.
COPY package*.json /app/
RUN npm ci

# Compiler configuration and sources, then the TypeScript build itself.
COPY tsconfig.json /app/
COPY src/ /app/src/
RUN npx tsc
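# Runtime stage: production dependencies plus the compiled output copied from
# the builder stage, and the CLI tools the agent's helper scripts call.
FROM node:20-alpine

# bash + curl + jq + python3 are required by the changemaker scripts the agent
# shells out to (upgrade-check.sh, upgrade.sh, backup.sh). Without them, every
# /upgrade/* and /backup/* call returns "command not found" failures.
# One package per line, sorted, so additions show up clearly in review.
RUN apk add --no-cache \
      bash \
      curl \
      docker-cli \
      docker-cli-compose \
      git \
      jq \
      python3 \
      rsync

# Agent runs as root, but the bind-mounted /app/instance is owned by the host
# user (UID 1000 = `node` inside the container). Modern git refuses to operate
# on repos with mismatched ownership without an explicit safe.directory entry.
# The '*' entry switches that ownership check off for every path in the
# container; the agent only mounts a single host directory anyway (the
# instance's project root).
# NOTE(review): with the check off, git running as root accepts
# repository-local settings from a directory the host user can write to, so
# the instance directory has to be treated as trusted as the agent itself.
# If /app/instance is the only repository root the scripts touch, listing that
# path instead of '*' keeps the exemption as narrow as the mount. Confirm
# against upgrade-check.sh before changing it.
RUN git config --system --add safe.directory '*'

WORKDIR /app

COPY package*.json ./

# --omit=dev is the current spelling of the deprecated --production flag:
# dev dependencies stay out of the runtime image.
RUN npm ci --omit=dev

COPY --from=builder /app/dist/ ./dist/

# Documentation only; the port still has to be published at run time.
EXPOSE 7443

# NOTE(review): there is no USER instruction, so the process keeps the base
# image's default root user, which matches the "agent runs as root" note
# above. Anything mounted into this container is reachable with root rights.
CMD ["node", "dist/server.js"]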