Pin app user to uid/gid=1000 for Clouderized bind mount compatibility

Clouderized platform convention: all containers run as uid=1000/gid=1000 so data directories (owned by host cldrzd user) are writable without insecure world-write permissions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 18:47:21 +08:00
parent 4760fd22c0
commit 776a6e8973
1 changed files with 1 additions and 1 deletions
--- a/2
+++ b/2
@@ -19,7 +19,7 @@ RUN sbt "set test in assembly := false" assembly
 # === Runtime stage ===
 FROM eclipse-temurin:25-jre-alpine

-RUN addgroup -S app && adduser -S app -G app
+RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
 RUN mkdir -p /data && chown app:app /data
 WORKDIR /app