From 99f22ce90ca471c0aa4476e9fa1a38caaf9cded3 Mon Sep 17 00:00:00 2001 From: Lee Harrold Date: Fri, 5 Apr 2024 22:09:27 -0400 Subject: [PATCH] testing new docker strat --- _infrastructure/scripts/deploy.sh | 2 +- api/cloud/BaseImage.Dockerfile | 27 ++++++++++++++++++++++++++- api/cloud/Final.Dockerfile | 29 +++++++++++++++-------------- api/cloud/appUser.sh | 3 ++- 4 files changed, 44 insertions(+), 17 deletions(-) diff --git a/_infrastructure/scripts/deploy.sh b/_infrastructure/scripts/deploy.sh index 0c79ad3..5beecb0 100644 --- a/_infrastructure/scripts/deploy.sh +++ b/_infrastructure/scripts/deploy.sh @@ -10,7 +10,7 @@ cd web || exit 1 # Build and run Dockerfile cd api || exit 1 -docker build . -f cloud/Dockerfile -t drive-gooder-container-repository:"${CONTAINER_TAG}". +docker build . -f cloud/Final.Dockerfile -t drive-gooder-container-repository:"${CONTAINER_TAG}". docker run -d \ -p 80:80 \ diff --git a/api/cloud/BaseImage.Dockerfile b/api/cloud/BaseImage.Dockerfile index 4230ec8..b6900b9 100644 --- a/api/cloud/BaseImage.Dockerfile +++ b/api/cloud/BaseImage.Dockerfile 
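Review bot: The tag argument on the changed line, `-t drive-gooder-container-repository:"${CONTAINER_TAG}".`, ends in a literal `.` that the shell appends to the tag, so the image is built as `<tag>.`. Unless the `docker run` below (its image argument is outside the hunk) uses the same spelling, it will not start the image that was just built. If the dot was meant as a build context it is redundant, because `docker build .` already supplies one: `docker build . -f cloud/Final.Dockerfile -t drive-gooder-container-repository:"${CONTAINER_TAG}"`. Final.Dockerfile also declares `ARG WORKDIR` with no default visible, and this command passes no `--build-arg WORKDIR=...`, so confirm that `WORKDIR ${WORKDIR}` resolves to the path you expect.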
@@ -19,8 +19,33 @@ RUN apt-get -y install nginx \ ENV PYTHONUNBUFFERED=1 # Don't create `.pyc` files: ENV PYTHONDONTWRITEBYTECODE=1 - WORKDIR "/app" + +RUN groupadd --gid 1010 socketWriters \ + && usermod -a -G socketWriters www-data \ + && pwd=$(cat /proc/sys/kernel/random/uuid) \ + && echo "$pwd" > password \ +# create appUser +# gid 1010 is socketWriters +# uid 1007 will own the /app dir +# Coqui saves models to the user's home dir, so we need to create a user with a home dir + && useradd -u 1007 -g 1010 -m -p "$(cat password)" appUser \ + && shred -u password \ +# set HOME on non-login user changes for appUser: + && sed -i '1s;^;export HOME="/home/appUser"\n;' /home/appUser/.bashrc \ + && sed -i '1s;^;echo "running bashrc for appUser"\n;' /home/appUser/.bashrc \ + && sed -i '1s;^;source ./.venv/bin/activate\n;' /home/appUser/.bashrc &&\ +# Create the .local and share directories if useradd does not make them + if [ ! -d "/home/appUser/.local" ]; then \ + mkdir -p "/home/appUser/.local/share/tts" \ +# coqui seems to use both tts and tts-caches + mkdir -p "/home/appUser/.local/share/tts-cache" \ + chown -R appUser "/home/appUser/" \ + fi \ +# make appUser owner of /app. This operation takes a long time + && chown -R appUser /app + +USER appUser RUN pip install --upgrade pip RUN pip install poetry && poetry config virtualenvs.in-project true COPY poetry.lock pyproject.toml ./ diff --git a/api/cloud/Final.Dockerfile b/api/cloud/Final.Dockerfile index 1ad584c..19d003c 100644 --- a/api/cloud/Final.Dockerfile +++ b/api/cloud/Final.Dockerfile 
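Review bot: The `if [ ! -d "/home/appUser/.local" ]` block in the new `RUN` has no `;` or `&&` between its commands, so once the backslash continuations are joined, the second `mkdir`, the `chown` and `fi` become arguments of the first `mkdir` and the `if` is never closed, which should make the shell reject the whole instruction. Because `mkdir -p` is already idempotent the conditional can go: `&& mkdir -p /home/appUser/.local/share/tts /home/appUser/.local/share/tts-cache \` followed by `&& chown -R appUser /home/appUser \`. Separately, `useradd -p` expects an already-hashed value, so passing the raw UUID (and staging it in a `password` file that then needs `shred`) only leaves an unusable hash in the shadow entry. Omitting `-p` leaves the account with no usable password, which appears to be the intent, and the same line in `api/cloud/appUser.sh` later in this patch would change with it. After `USER appUser` the `pip install` lines run unprivileged, so it is worth confirming that `poetry` still ends up on `PATH`.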
@@ -5,25 +5,26 @@ FROM halzinnia/drive-gooder-base:v0.0.3 ARG WORKDIR WORKDIR ${WORKDIR} -COPY backend backend -COPY cloud/start.sh cloud/uwsgi.ini ./ -RUN chmod +x start.sh -COPY ./cloud/nginx.conf /etc/nginx - -# copy built static FE to docker image -COPY /build frontend - # create ssl cert to encrypt requests between FE and BE -# too careful? maybe -RUN cd /etc/nginx/certs \ +# too careful? maybe. +RUN mkdir /etc/nginx/certs \ + && cd /etc/nginx/certs \ && openssl req -x509 -newkey \ rsa:4096 -keyout key.pem -out cert.pem \ -sha256 -days 365 -nodes -subj "/C=US/ST=IN/L=Indianapolis/O=BTYT/OU=clowns/CN=drive-gooder" -# configure appUser -COPY cloud/appUser.sh cloud/appUserStart.sh ./ -RUN chmod +x appUser.sh appUserStart.sh -RUN ./appUser.sh +COPY ./cloud/nginx.conf /etc/nginx + +# We're trying this int he BaseImage now: +# setup appUser, uid 1007 and gid 1010 (socketwriters group) +# COPY cloud/appUser.sh ./ +# RUN chmod +x appUser.sh \ +# && ./appUser.sh + +COPY --chown=1007:1010 backend backend +COPY --chown=1007:1010 /build frontend +COPY --chown=1007:1010 cloud/start.sh cloud/uwsgi.ini cloud/appUserStart.sh ./ +RUN chmod +x start.sh appUserStart.sh # add a dev ssh key # RUN mkdir /home/appUser/.ssh diff --git a/api/cloud/appUser.sh b/api/cloud/appUser.sh index 9f383e0..315093b 100644 --- a/api/cloud/appUser.sh +++ b/api/cloud/appUser.sh @@ -9,7 +9,8 @@ echo "$pwd" > password # create appUser # gid 1010 is socketWriters -useradd -g 1010 -m -p "$(cat password)" appUser # create user with a home dir. Coqui saves models to the user's home dir +# uid 1007 will own the /app dir +useradd -u 1007 -g 1010 -m -p "$(cat password)" appUser # create user with a home dir. Coqui saves models to the user's home dir shred -u password # set HOME on non-login user changes for appUser:
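Review bot: The certificate step `RUN mkdir /etc/nginx/certs && cd /etc/nginx/certs && openssl req ...` runs as whatever user the base image leaves active, and BaseImage.Dockerfile in this same commit now ends its user setup with `USER appUser`. Once a base tag built from that file is used here, uid 1007 presumably cannot create a directory under `/etc/nginx`. Add `USER root` before that `RUN` (and use `mkdir -p` so a base that already has the directory does not fail the build), then set the intended runtime `USER` explicitly at the end of the file, which is outside this hunk. The key is also generated with `-nodes` at build time, so the same unencrypted `key.pem` is stored in an image layer and shared by every container and by everyone who can pull the image. Generating it in the start script, or mounting it at run time, keeps the private key out of the image.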