Update Dockerfile to fix permission error on poetry install (#100)

nss10 · nss10 · commit 29f7dd82eb84 · 2026-02-10T16:03:54.000-06:00
diff --git a/Dockerfile b/Dockerfile
@@ -12,16 +12,21 @@ RUN chown -R gen3:gen3 /${appname}
 # Builder stage
 FROM base AS builder
 
+USER root
+
 # copy ONLY poetry artifact, install the dependencies but not the app;
 # this will make sure that the dependencies are cached
 COPY poetry.lock pyproject.toml /${appname}/
 RUN poetry install -vv --no-root --only main --no-interaction
 
-COPY --chown=gen3:gen3 . /${appname}
-
-# install the app
+COPY . /${appname}
 RUN poetry install --without dev --no-interaction
 
+# ensure the app dir + venv are owned by gen3 for runtime image
+RUN chown -R gen3:gen3 /${appname} /venv
+
+USER gen3
+
 # Final stage
 FROM base
 
diff --git a/docs/openapi.yaml b/docs/openapi.yaml
@@ -11,6 +11,11 @@ components:
       type: object
     ValidationError:
       properties:
+        ctx:
+          title: Context
+          type: object
+        input:
+          title: Input
         loc:
           items:
             anyOf:
diff --git a/gen3workflow/auth.py b/gen3workflow/auth.py
@@ -59,9 +59,9 @@ async def get_token_claims(self) -> dict:
             )
 
         try:
-            token_claims = await access_token(
-                "user", "openid", audience="openid", purpose="access"
-            )(self.bearer_token)
+            token_claims = await access_token("user", "openid", purpose="access")(
+                self.bearer_token
+            )
         except Exception as e:
             err_msg = "Could not verify, parse, and/or validate provided access token"
             logger.error(
diff --git a/poetry.lock b/poetry.lock
