Fix directory permissions

kpalang · kpalang · commit 4ed4d204c62e · 2025-07-03T23:34:18.000+03:00
Signed-off-by: Kaur Palang &lt;kaur.palang@brightcodecompany.com&gt;
diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml
@@ -0,0 +1,64 @@
+name: build-images.yaml
+on:
+  workflow_dispatch:
+
+jobs:
+  validate-yaml:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check for duplicate slugs
+        working-directory: deploy
+        run: yq '.versions | map(.slug) | group_by(.) | map(select(length > 1) | .[0])' releases.yaml
+
+  get-gomplate:
+    runs-on: ubuntu-latest
+    env:
+      GOMPLATE_VERSION: 4.3.2
+      GOMPLATE_SHA512: ed77ea781cc2b63fbb325dbb29bbe3041f5158ccaec555fdc79b6ecca1b4c48fb6be2fee6612469c715b77fb9179be6e263ee1d58773232dfc346249afe660ab
+      GOMPLATE_DIR: ${{ github.workspace }}/.cache/gomplate
+      GOMPLATE_BIN: ${{ github.workspace }}/.cache/gomplate/gomplate
+    steps:
+      - name: Cache gomplate binary
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.GOMPLATE_DIR }}
+          key: |
+            gomplate-${{ env.GOMPLATE_VERSION }}-${{ env.GOMPLATE_SHA512 }}
+          restore-keys: |
+            gomplate-${{ env.GOMPLATE_VERSION }}-
+
+      - name: Download gomplate
+        if: steps.cache.outputs.cache-hit != 'true'
+        shell: bash
+        run: |
+          mkdir -p "${GOMPLATE_DIR}"
+          curl -fsSL --output "${GOMPLATE_BIN}" "https://github.com/hairyhenderson/gomplate/releases/download/v$GOMPLATE_VERSION/gomplate_linux-amd64"
+          echo "${{ env.GOMPLATE_SHA512 }} ${GOMPLATE_BIN}" | sha512sum --check --status
+          chmod +x "${GOMPLATE_BIN}"
+
+      # 4. Put gomplate on PATH for the rest of the job.
+      - name: Add gomplate to PATH
+        shell: bash
+        run: echo "${GOMPLATE_DIR}" >> "${GITHUB_PATH}"
+
+      # Example: prove it works
+      - name: Show gomplate version
+        run: gomplate --version
+
+  render-dockerfiles:
+    runs-on: ubuntu-latest
+    needs:
+      - validate-yaml
+      - get-gomplate
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Render Dockerfiles
+        working-directory: templating
+        run: |
+          ./gomplate
diff --git a/dockerfiles/4.5.2-tp.1/Dockerfile b/dockerfiles/4.5.2-tp.1/Dockerfile
@@ -28,8 +28,6 @@ COPY --chmod=755 entrypoint.sh /opt/engine/entrypoint.sh
 
 RUN rm -rf cli-lib manager-lib \
     && rm mirth-cli-launcher.jar oiecommand
-
-RUN chown -R 1000:1000 /opt/engine
 FROM eclipse-temurin:17.0.15_6-jre-noble AS ubuntu-jre
 
 ARG CREATED_AT
@@ -52,7 +50,8 @@ RUN apt-get update \
     && rm -rf /var/lib/apt/lists/* \
     && groupmod --new-name engine ubuntu \
     && usermod -l engine ubuntu \
-    && usermod -aG engine engine
+    && usermod -aG engine engine \
+    && chown -R 1000:1000 /opt/engine
 
 VOLUME /opt/engine/appdata
 VOLUME /opt/engine/custom-extensions
@@ -86,7 +85,8 @@ RUN apt-get update \
     && rm -rf /var/lib/apt/lists/* \
     && groupmod --new-name engine ubuntu \
     && usermod -l engine ubuntu \
-    && usermod -aG engine engine
+    && usermod -aG engine engine \
+    && chown -R 1000:1000 /opt/engine
 
 VOLUME /opt/engine/appdata
 VOLUME /opt/engine/custom-extensions
@@ -116,7 +116,8 @@ LABEL \
 COPY --from=downloader /opt/engine /opt/engine
 
 RUN apk add --no-cache bash unzip \
-    && adduser -D -H -u 1000 engine engine
+    && adduser -D -H -u 1000 engine engine \
+    && chown -R 1000:1000 /opt/engine
 
 VOLUME /opt/engine/appdata
 VOLUME /opt/engine/custom-extensions
@@ -146,7 +147,8 @@ LABEL \
 COPY --from=downloader /opt/engine /opt/engine
 
 RUN apk add --no-cache bash unzip \
-    && adduser -D -H -u 1000 engine engine
+    && adduser -D -H -u 1000 engine engine \
+    && chown -R 1000:1000 /opt/engine
 
 VOLUME /opt/engine/appdata
 VOLUME /opt/engine/custom-extensions
diff --git a/templates/Dockerfile.tpl b/templates/Dockerfile.tpl
@@ -44,8 +44,6 @@ COPY --chmod=755 entrypoint.sh /opt/engine/entrypoint.sh
 RUN rm -rf cli-lib manager-lib \
     && rm mirth-cli-launcher.jar oiecommand
 
-RUN chown -R {{ $.config.uid }}:{{ $.config.gid }} /opt/engine
-
 {{- /* Assign current version slug into a variable to carry it into the tags iteration */}}
 {{- $slug := dict "slug" .version.slug -}}
 {{/* Iterate version tags to generate the final stages */}}
@@ -65,10 +63,12 @@ RUN apt-get update \
     && rm -rf /var/lib/apt/lists/* \
     && groupmod --new-name engine ubuntu \
     && usermod -l engine ubuntu \
-    && usermod -aG engine engine
+    && usermod -aG engine engine \
+    && chown -R {{ $.config.uid }}:{{ $.config.gid }} /opt/engine
 {{- else if eq .distro "alpine" }}
 RUN apk add --no-cache bash unzip \
-    && adduser -D -H -u {{ $.config.uid }} engine engine
+    && adduser -D -H -u {{ $.config.uid }} engine engine \
+    && chown -R {{ $.config.uid }}:{{ $.config.gid }} /opt/engine
 {{- end }}
 
 VOLUME /opt/engine/appdata
