don't hardcode UID/GID for runtime

contrib/docker/Dockerfile

@@ -17,6 +17,8 @@ ARG PHP_EXTENSIONS_EXTRA=""
 ARG PHP_EXTENSIONS="intl bcmath zip pcntl exif curl gd"
 ARG PHP_VERSION="8.1"
 ARG APT_PACKAGES_EXTRA=""
+ARG RUNTIME_UID=33
+ARG RUNTIME_GID=33
 
 # GPG key for nginx apt repository
 ARG NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
@@ -56,6 +58,8 @@ FROM php:${PHP_VERSION}-${PHP_BASE_TYPE}-${PHP_DEBIAN_RELEASE} AS base
 ARG PHP_VERSION
 ARG PHP_DEBIAN_RELEASE
 ARG APT_PACKAGES_EXTRA
+ARG RUNTIME_UID
+ARG RUNTIME_GID
 
 ARG TARGETPLATFORM
 ARG BUILDKIT_SBOM_SCAN_STAGE=true
@@ -67,7 +71,7 @@ SHELL ["/bin/bash", "-c"]
 
 RUN set -ex \
 	&& mkdir -pv /var/www/ \
-	&& chown -R 33:33 /var/www
+	&& chown -R ${RUNTIME_UID}:${RUNTIME_GID} /var/www
 
 WORKDIR /var/www/
 
@@ -193,6 +197,8 @@ FROM base AS composer-and-src
 
 ARG PHP_VERSION
 ARG PHP_DEBIAN_RELEASE
+ARG RUNTIME_UID
+ARG RUNTIME_GID
 ARG TARGETPLATFORM
 
 # Make sure composer cache is targeting our cache mount later
@@ -207,11 +213,11 @@ ENV COMPOSER_NO_INTERACTION=1
 # Copy composer from https://hub.docker.com/_/composer
 COPY --link --from=composer-image /usr/bin/composer /usr/bin/composer
 
-#! Changing user to 33
-USER 33:33
+#! Changing user to runtime user
+USER ${RUNTIME_UID}:${RUNTIME_GID}
 
 # Copy over only composer related files so docker layer cache isn't invalidated on PHP file changes
-COPY --link --chown=33:33 composer.json composer.lock /var/www/
+COPY --link --chown=${RUNTIME_UID}:${RUNTIME_GID} composer.json composer.lock /var/www/
 
 # Install composer dependencies
 # NOTE: we skip the autoloader generation here since we don't have all files avaliable (yet)
@@ -220,7 +226,7 @@ RUN --mount=type=cache,id=pixelfed-composer-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}
 	&& composer install --prefer-dist --no-autoloader --ignore-platform-reqs
 
 # Copy all other files over
-COPY --link --chown=33:33 . /var/www/
+COPY --link --chown=${RUNTIME_UID}:${RUNTIME_GID} . /var/www/
 
 # Generate optimized autoloader now that we have all files around
 RUN set -ex \
@@ -237,7 +243,7 @@ FROM base AS shared-runtime
 
 COPY --link --from=php-extensions /usr/local/lib/php/extensions /usr/local/lib/php/extensions
 COPY --link --from=php-extensions /usr/local/etc/php /usr/local/etc/php
-COPY --link --from=composer-and-src --chown=33:33 /var/www /var/www
+COPY --link --from=composer-and-src --chown=${RUNTIME_UID}:${RUNTIME_GID} /var/www /var/www
 COPY --link --from=forego-image /usr/local/bin/forego /usr/local/bin/forego
 COPY --link contrib/docker/php.production.ini "$PHP_INI_DIR/php.ini"
 

contrib/docker/shared/docker-entrypoint.d/10-storage.sh

@@ -4,10 +4,10 @@ set -o errexit -o nounset -o pipefail
 source /lib.sh
 
 entrypoint_log "==> Create the storage tree if needed"
-as_www_user cp --recursive storage.skel/* storage/
+as_runtime_user cp --recursive storage.skel/* storage/
 
 entrypoint_log "==> Ensure storage is linked"
-as_www_user php artisan storage:link
+as_runtime_user php artisan storage:link
 
 entrypoint_log "==> Ensure permissions are correct"
-chown --recursive www-data:www-data storage/ bootstrap/
+chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/

contrib/docker/shared/docker-entrypoint.d/20-horizon.sh

@@ -3,4 +3,4 @@ set -o errexit -o nounset -o pipefail
 
 source /lib.sh
 
-as_www_user php artisan horizon:publish
+as_runtime_user php artisan horizon:publish

contrib/docker/shared/docker-entrypoint.d/30-cache.sh

@@ -3,11 +3,11 @@ set -o errexit -o nounset -o pipefail
 
 source /lib.sh
 
-entrypoint_log "==> config:cache"
-as_www_user php artisan config:cache
-
 entrypoint_log "==> route:cache"
-as_www_user php artisan route:cache
+as_runtime_user php artisan route:cache
 
 entrypoint_log "==> view:cache"
-as_www_user php artisan view:cache
+as_runtime_user php artisan view:cache
+
+entrypoint_log "==> config:cache"
+as_runtime_user php artisan config:cache

contrib/docker/shared/lib.sh

@@ -8,6 +8,6 @@ function entrypoint_log() {
     fi
 }
 
-function as_www_user() {
-	su --preserve-environment www-data --shell /bin/bash --command "${*}"
+function as_runtime_user() {
+    su --preserve-environment ${RUNTIME_UID} --shell /bin/bash --command "${*}"
 }