fix: volumes use host directory permission error (#501)

* fix: volumes use host directory permission error

.github/workflows/integration-tests.yml

@@ -41,11 +41,15 @@ jobs:
           VITEST_MIN_THREADS: 1
         run: |
           make ${{ matrix.database-type }}.integration.test
+          pnpm -F "@teable/backend" test-unit-cover
+          pnpm -F "@teable/backend" merge-cover
+          pnpm -F "@teable/backend" generate-cover
 
       - name: Coveralls Parallel
         uses: coverallsapp/github-action@v2
         with:
           flag-name: run-${{ join(matrix.*, '-') }}
+          file: apps/nestjs-backend/coverage/nestjs-backend/clover.xml
           parallel: true
 
   finish:

.github/workflows/unit-tests.yml

@@ -8,10 +8,10 @@ on:
     branches:
       - develop
     paths:
-      - 'apps/nestjs-backend/**'
       - 'apps/nextjs-app/**'
       - 'packages/core/**'
       - 'packages/sdk/**'
+      - 'packages/openapi/**'
 
 jobs:
   test:
@@ -44,7 +44,7 @@ jobs:
 
       - name: 🧪 Run Tests
         run: |
-          pnpm g:test-unit-cover
+          pnpm -F "\!@teable/backend" -r --parralel test-unit-cover
 
       - name: Coveralls Parallel
         uses: coverallsapp/github-action@v2

dockers/teable/Dockerfile

@@ -48,15 +48,14 @@ WORKDIR /app
 
 COPY --from=deps --link /workspace-install ./
 
-RUN set -eux; \
-    echo "NEXT_PUBLIC_BUILD_VERSION=\"${BUILD_VERSION}\"" >> apps/nextjs-app/.env
-
+RUN set -ex; \
+        echo "NEXT_PUBLIC_BUILD_VERSION=\"${BUILD_VERSION}\"" >> apps/nextjs-app/.env; \
 # Distinguish whether it is an integration test operation
-RUN if [ -n "$INTEGRATION_TEST" ]; then \
-        pnpm -F "./packages/**" run build; \
-    else \
-        NODE_OPTIONS=--max-old-space-size=8192 pnpm g:build; \
-    fi
+        if [ -n "$INTEGRATION_TEST" ]; then \
+              pnpm -F "./packages/**" run build; \
+        else \
+              NODE_OPTIONS=--max-old-space-size=8192 pnpm g:build; \
+        fi
 
 
 ##################################################################
@@ -69,11 +68,13 @@ ENV NODE_ENV=production
 
 WORKDIR /app
 
-RUN rm -fr node_modules && pnpm nuke:node_modules && \
-      chmod +x ./scripts/post-build-cleanup.mjs && zx ./scripts/post-build-cleanup.mjs
-
-RUN pnpm install --prod --prefer-offline --frozen-lockfile
-RUN pnpm -F @teable/db-main-prisma prisma-generate --schema ./prisma/postgres/schema.prisma
+RUN set -ex; \
+        rm -fr node_modules; \
+        pnpm nuke:node_modules; \
+        chmod +x ./scripts/post-build-cleanup.mjs; \
+        zx ./scripts/post-build-cleanup.mjs; \
+        pnpm install --prod --prefer-offline --frozen-lockfile; \
+        pnpm -F @teable/db-main-prisma prisma-generate --schema ./prisma/postgres/schema.prisma
 
 
 ##################################################################
@@ -86,20 +87,55 @@ ENV TZ=UTC \
     NODE_ENV=production \
     PORT=${NEXTJS_APP_PORT:-3000}
 
-RUN npm install zx -g && \
-      apt-get update && apt-get install -y curl openssl && \
-      rm -rf /var/lib/apt/lists/*
+RUN set -ex; \
+        npm install zx -g; \
+        apt-get update; \
+        apt-get install -y --no-install-recommends \
+                curl \
+                openssl \
+    	; \
+    	rm -rf /var/lib/apt/lists/*
+
+# install gosu for a better su+exec command
+# https://github.com/tianon/gosu/blob/master/INSTALL.md
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+# save list of currently installed packages for later so we can clean up
+        savedAptMark="$(apt-mark showmanual)"; \
+        apt-get update; \
+        apt-get install -y --no-install-recommends ca-certificates gnupg wget; \
+        rm -rf /var/lib/apt/lists/*; \
+        \
+        dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+        wget -nv -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+        wget -nv -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+        \
+# verify the signature
+        export GNUPGHOME="$(mktemp -d)"; \
+        gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+        gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+        gpgconf --kill all; \
+        rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+        \
+# clean up fetch dependencies
+        apt-mark auto '.*' > /dev/null; \
+        [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
+        apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+        \
+        chmod +x /usr/local/bin/gosu; \
+# verify that the binary works
+        gosu --version; \
+        gosu nobody true
 
 WORKDIR /app
 
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nodejs
-
+RUN set -ex; \
+        addgroup --system --gid 1001 nodejs; \
+        adduser --system --uid 1001 nodejs; \
 # Set the correct permission for local cache
-RUN mkdir .assets && chown nodejs:nodejs .assets && \
-    mkdir .temporary && chown nodejs:nodejs .temporary
-
-USER nodejs
+        mkdir .assets; \
+        mkdir .temporary; \
+        chown -R nodejs:nodejs /app
 
 COPY --from=post-builder --chown=nodejs:nodejs /app/apps/nextjs-app/next.config.js \
                     /app/apps/nextjs-app/next-i18next.config.js \
@@ -125,4 +161,7 @@ COPY --chown=nodejs:nodejs scripts/start.mjs ./scripts/start.mjs
 
 EXPOSE ${PORT}
 
+COPY scripts/entrypoint/docker-entrypoint.sh /
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
 CMD ["scripts/start.mjs"]

dockers/teable/Dockerfile.db-migrate

@@ -15,11 +15,8 @@ COPY --link packages/db-main-prisma/prisma/postgres ./postgres_migrate
 
 COPY --link packages/db-main-prisma/prisma/sqlite ./sqlite_migrate
 
-RUN cd postgres_migrate && \
-      prisma generate
-
-RUN cd sqlite_migrate && \
-      prisma generate
+RUN cd postgres_migrate && prisma generate
+RUN cd sqlite_migrate && prisma generate
 
 
 FROM node:${NODE_VERSION}-bookworm-slim AS runner
@@ -30,14 +27,21 @@ ENV TZ=UTC
 ENV NODE_ENV=production
 ENV BUILD_VERSION=$BUILD_VERSION
 
-RUN npm install zx @soluble/dsn-parser @prisma/client@${PRISMA_VERSION} prisma@${PRISMA_VERSION} -g && \
-      apt-get update && apt-get install -y openssl netcat-traditional wget && \
-      rm -rf /var/lib/apt/lists/*
+RUN set -eux; \
+        npm install zx @soluble/dsn-parser \
+                       @prisma/client@${PRISMA_VERSION} \
+                       prisma@${PRISMA_VERSION} -g; \
+        apt-get update; \
+        apt-get install -y --no-install-recommends \
+                openssl \
+                netcat-traditional \
+                wget \
+    	; \
+    	rm -rf /var/lib/apt/lists/*; \
+        ln -s /usr/local/lib/node_modules node_modules
 
 WORKDIR /prisma
 
-RUN ln -s /usr/local/lib/node_modules node_modules
-
 COPY --from=prisma /prisma/postgres_migrate ./postgres_migrate
 COPY --from=prisma /prisma/sqlite_migrate ./sqlite_migrate
 

scripts/entrypoint/docker-entrypoint.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -Eeo pipefail
+
+if [ "$(id -u)" = '0' ]; then
+  # Set the correct permission for local cache
+  find /app/.assets \! -user nodejs -exec chown nodejs '{}' +
+  find /app/.temporary \! -user nodejs -exec chown nodejs '{}' +
+
+  # then restart script as nodejs user
+  exec gosu nodejs "$BASH_SOURCE" "$@"
+fi
+
+exec "$@"