docker: run container as non root

additionally this allows to specify the data and log directories in an
env file

docker/server/.env

@@ -0,0 +1,6 @@
+SEEREP_DATA_FOLDER=/tmp/seerep_data/
+SEEREP_LOG_PATH=/mnt/seerep_data/log/
+SEEREP_LOG_LEVEL=info
+TZ=Europe/Berlin
+USER_ID=1000
+GROUP_ID=1000

docker/server/Dockerfile

@@ -1,9 +1,9 @@
-# base container with all necessary dependencies
 ARG IMAGEBASE
 ARG IMAGEBASETAG
 FROM $IMAGEBASE:$IMAGEBASETAG
 
 USER root
+
 WORKDIR /seerep
 
 COPY certs src/certs/
@@ -13,7 +13,7 @@ COPY seerep_msgs src/seerep_msgs/
 COPY seerep_ros src/seerep_ros/
 COPY seerep_srv src/seerep_srv/
 COPY examples src/examples/
-COPY docker/start_server.sh src/start_server.sh
+COPY docker/server/start_server.sh src/start_server.sh
 
 RUN /bin/bash -c "source /opt/ros/noetic/setup.bash; catkin config --cmake-args -DCMAKE_BUILD_TYPE=Release; catkin build"
 

docker/server/docker-compose.yml

@@ -0,0 +1,26 @@
+services:
+  change_vol_ownership:
+    image: alpine:3.19
+    user: root
+    volumes:
+      - seerep_data:${SEEREP_DATA_FOLDER}
+      - seerep_log:${SEEREP_LOG_PATH}
+    command: chown -R ${USER_ID}:${GROUP_ID} ${SEEREP_DATA_FOLDER} ${SEEREP_LOG_PATH}
+  seerep:
+    image: ghcr.io/agri-gaia/seerep_base:latest
+    user: "${USER_ID}:${GROUP_ID}"
+    tty: true
+    container_name: seerep_server
+    env_file:
+      .env
+    ports:
+      - 9090:9090
+    volumes:
+      - seerep_data:${SEEREP_DATA_FOLDER}
+      - seerep_log:${SEEREP_LOG_PATH}
+    depends_on:
+      change_vol_ownership:
+        condition: service_completed_successfully
+volumes:
+  seerep_data:
+  seerep_log: