From 04ef0b08c8c2f62bc3c3db5d21e27d79b3425f36 Mon Sep 17 00:00:00 2001
From: Thorsten Bus
Date: Mon, 30 Mar 2026 22:37:02 +0200
Subject: [PATCH] refactor: entrypoint with WWWUSER/WWWGROUP for FPM UID/GID mapping

- Entrypoint remaps www-data to host UID/GID via WWWUSER/WWWGROUP env vars
- Moves composer install, storage setup, migrate into entrypoint
- Removes inline command from docker-compose
- Defaults to 1000:1000, configurable via .env
---
 .env.example | 4 ++++
 build/Dockerfile | 3 +++
 build/entrypoint.sh | 20 ++++++++++++++++++++
 docker-compose.yml | 9 ++-------
 4 files changed, 29 insertions(+), 7 deletions(-)
 create mode 100755 build/entrypoint.sh

diff --git a/.env.example b/.env.example
index 27e7a64..926db7d 100644
--- a/.env.example
+++ b/.env.example
@@ -84,3 +84,7 @@ UPLOAD_TEMP_DIR=/tmp
 # TestData
 TEST_CTS_USERNAME=
 TEST_CTS_PASSWORD=
+
+# Docker: map FPM worker to host user (run `id -u` and `id -g`)
+WWWUSER=1000
+WWWGROUP=1000
diff --git a/build/Dockerfile b/build/Dockerfile
index 8958a54..d78669e 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -32,10 +32,13 @@ WORKDIR /app
 COPY build/fpm-healthcheck.conf /usr/local/etc/php-fpm.d/zz-healthcheck.conf
 COPY build/php-error-logging.conf /usr/local/etc/php-fpm.d/zz-error-logging.conf
 COPY build/php-errors.ini /usr/local/etc/php/conf.d/errors.ini
+COPY build/entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
 EXPOSE 9000
 HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
 CMD SCRIPT_NAME=/ping SCRIPT_FILENAME=/ping REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep -q pong || exit 1
+ENTRYPOINT ["entrypoint.sh"]
 CMD ["php-fpm"]
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
new file mode 100755
index 0000000..4c1f401
--- /dev/null
+++ b/build/entrypoint.sh
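Review bot: In the build/Dockerfile hunk, `ENTRYPOINT ["entrypoint.sh"]` is resolved through PATH even though the script was just copied to a fixed location. Naming it absolutely, `ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]`, keeps the container's first process independent of whatever PATH the base image or a later layer sets. The separate `RUN chmod +x` layer can be folded into the copy as `COPY --chmod=755 build/entrypoint.sh /usr/local/bin/entrypoint.sh` where the builder supports it. A one-line comment above the instruction, such as `# entrypoint.sh remaps www-data to WWWUSER/WWWGROUP, prepares storage, then execs CMD`, would also tell readers that startup work now lives in the image.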
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+if [ -n "$WWWUSER" ] && [ "$WWWUSER" != "0" ]; then
+ deluser www-data 2>/dev/null || true
+ adduser -D -u "$WWWUSER" -G www-data www-data 2>/dev/null || true
+fi
+
+if [ -n "$WWWGROUP" ] && [ "$WWWGROUP" != "0" ]; then
+ delgroup www-data 2>/dev/null || true
+ addgroup -g "$WWWGROUP" www-data 2>/dev/null || true
+fi
+
+composer install --no-interaction
+mkdir -p storage/logs storage/framework/views storage/framework/cache storage/framework/sessions
+chown -R www-data:www-data storage bootstrap/cache
+chmod -R 775 storage bootstrap/cache
+php artisan migrate --force
+
+exec "$@"
diff --git a/docker-compose.yml b/docker-compose.yml
index 0185a71..d095abb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,14 +6,9 @@ services:
 container_name: pp-planer-app
 restart: unless-stopped
 working_dir: /app
- command: >-
- sh -c "composer install --no-interaction
- && mkdir -p storage/logs storage/framework/views storage/framework/cache
- && chown -R www-data:www-data storage bootstrap/cache
- && chmod -R 775 storage bootstrap/cache
- && php artisan migrate --force
- && php-fpm"
 environment:
+ - WWWUSER=${WWWUSER:-1000}
+ - WWWGROUP=${WWWGROUP:-1000}
 - APP_ENV=${APP_ENV}
 - APP_DEBUG=${APP_DEBUG}
 - APP_KEY=${APP_KEY}
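Review bot: In build/entrypoint.sh the UID/GID remap can fail without anyone noticing, because all four account commands end in `2>/dev/null || true`, which defeats `set -e` exactly where the mapping is decided. The order also works against it: `www-data` is re-created with `-G www-data` before the group is replaced, so the later `delgroup` targets what is by then the user's primary group (how the image's tools react to that should be confirmed, but the result is hidden either way). The `!= "0"` guard is a string comparison, so `00` or a non-numeric value still reaches `adduser -u`. I would validate both values as non-zero integers, replace the group before the user, and leave the two add commands unsilenced; note that the sketch below rejects 0 instead of skipping the remap. Separately, `composer install` and `php artisan migrate --force` now run as root for every command started through this entrypoint, not only `php-fpm`.

```shell
# Accept only a non-zero decimal id, so the FPM worker is never mapped to root.
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ne 0 ]
}

if [ -n "$WWWUSER" ] || [ -n "$WWWGROUP" ]; then
    uid="${WWWUSER:-$(id -u www-data)}"
    gid="${WWWGROUP:-$(id -g www-data)}"
    valid_id "$uid" && valid_id "$gid" || {
        echo "entrypoint: WWWUSER/WWWGROUP must be non-zero integers" >&2
        exit 1
    }

    # Remove the user first so the group is no longer anyone's primary group;
    # only the removals are best-effort.
    deluser www-data 2>/dev/null || true
    delgroup www-data 2>/dev/null || true
    addgroup -g "$gid" www-data
    adduser -D -u "$uid" -G www-data www-data
fi

# … unchanged: composer install, storage setup, migrate, exec "$@" …
```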