In rootless Docker, uid=0 in-container = cldrzd on host (not privileged).
Pinning to uid=1000 in-container mapped to host uid=100999 (phantom UID),
which cannot write to the cldrzd-owned data directory.
The Dockerfile USER directive is overridden by compose user: "0" anyway,
so revert to a standard non-root app user without explicit uid/gid.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Clouderized platform convention: all containers run as uid=1000/gid=1000
so data directories (owned by host cldrzd user) are writable without
insecure world-write permissions.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Docker mounts named volumes as root by default. Without pre-creating /data
in the image with correct ownership, the app user cannot write tasks.db,
causing a 502 on any route that touches TaskStore.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Dockerfile is customer-owned. docker-compose.yml and clouderized.yaml
are operator-generated and live outside the customer repo.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
These are operator-managed files generated by the Clouderized platform.
Customer repos contain source code only.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Update group ID from io.github.nicoburniske to com.greenfossil
- Downgrade thoriumVersion to 0.10.10
- Expand assemblyMergeStrategy for Armeria/Netty service files and module-info.class
- Fix Dockerfile COPY path to scala-3.7.1
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
