From 776a6e8973d47a9b35bdc6ec971d9128ca08fd66 Mon Sep 17 00:00:00 2001
From: davidtio <davidtio@fosstech.biz>
Date: Sat, 28 Feb 2026 18:47:21 +0800
Subject: [PATCH] Pin app user to uid/gid=1000 for Clouderized bind mount
 compatibility

Clouderized platform convention: all containers run as uid=1000/gid=1000
so data directories (owned by host cldrzd user) are writable without
insecure world-write permissions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index cfd4965..6f6e2c1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,7 @@ RUN sbt "set test in assembly := false" assembly
 # === Runtime stage ===
 FROM eclipse-temurin:25-jre-alpine
 
-RUN addgroup -S app && adduser -S app -G app
+RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
 RUN mkdir -p /data && chown app:app /data
 WORKDIR /app