Match Rails 7.1 templates: placate k8s runAsNonRoot

rails/rails@7ff33d8

lib/generators/templates/Dockerfile.erb

@@ -222,27 +222,30 @@ RUN mkdir /data
 <% else -%>
 # Run and own only the runtime files as a non-root user for security
 <% if options.compose? -%>
+<% user = "rails:rails" -%>
 ARG UID=1000 \
     GID=1000
 RUN groupadd -f -g $GID rails && \
     useradd -u $UID -g $GID rails --create-home --shell /bin/bash && \
 <% else -%>
-RUN useradd rails --create-home --shell /bin/bash && \
+<% user = "1000:1000" -%>
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
 <% end -%>
 <% if options.nginx? -%>
-    chown rails:rails /var/lib/nginx /var/log/nginx/* && \
+    chown <%= user %> /var/lib/nginx /var/log/nginx/* && \
 <% end -%>
 <% if deploy_packages.include?("sudo") && options.sudo? -%>
     sed -i 's/env_reset/env_keep="*"/' /etc/sudoers && \
 <% end -%>
 <% if deploy_database == 'sqlite3' -%>
     mkdir /data<% if using_litefs? %> /litefs<% end %> && \
-    chown -R rails:rails <%= Dir[*%w(db log storage tmp)].join(" ") %> /data<% if using_litefs? %> /litefs<% end %>
+    chown -R <%= user %> <%= Dir[*%w(db log storage tmp)].join(" ") %> /data<% if using_litefs? %> /litefs<% end %>
 <% else -%>
-    chown -R rails:rails <%= Dir[*%w(db log storage tmp)].join(" ") %>
+    chown -R <%= user %> <%= Dir[*%w(db log storage tmp)].join(" ") %>
 <% end -%>
 <% unless options.swap? or using_passenger? or using_litefs? -%>
-USER rails:rails
+USER <%= user %>
 <% end -%>
 
 <% end -%>

test/results/bin_cd/Dockerfile

@@ -52,10 +52,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/cache/Dockerfile

@@ -76,10 +76,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/ci/Dockerfile

@@ -49,10 +49,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/config/Dockerfile

@@ -49,10 +49,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3" \

test/results/env/Dockerfile

@@ -53,10 +53,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/execjs_importmap/Dockerfile

@@ -68,10 +68,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/execjs_node/Dockerfile

@@ -76,10 +76,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/fullstaq/Dockerfile

@@ -49,10 +49,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/grover/Dockerfile

@@ -69,10 +69,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3" \

test/results/idle/Dockerfile

@@ -89,9 +89,10 @@ COPY --from=build /rails /rails
 COPY --from=build /root/.passenger/native_support /root/.passenger/native_support
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
+    chown -R 1000:1000 db log storage tmp /data
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/jemalloc/Dockerfile

@@ -49,10 +49,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3" \

test/results/label/Dockerfile

@@ -51,10 +51,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/litefs/Dockerfile

@@ -57,9 +57,10 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data /litefs && \
-    chown -R rails:rails db log storage tmp /data /litefs
+    chown -R 1000:1000 db log storage tmp /data /litefs
 
 # Authorize rails user to launch litefs
 COPY <<-"EOF" /etc/sudoers.d/rails

test/results/litestack/Dockerfile

@@ -54,10 +54,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/minimal/Dockerfile

@@ -49,10 +49,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/nginx/Dockerfile

@@ -82,11 +82,12 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
-    chown rails:rails /var/lib/nginx /var/log/nginx/* && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
+    chown 1000:1000 /var/lib/nginx /var/log/nginx/* && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3" \

test/results/no_prep/Dockerfile

@@ -49,10 +49,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/parallel/Dockerfile

@@ -77,10 +77,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/precompile_defer/Dockerfile

@@ -37,10 +37,11 @@ RUN apt-get update -qq && \
     rm -rf /var/lib/apt/lists /var/cache/apt/archives
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/rmagick/Dockerfile

@@ -49,10 +49,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/swap/Dockerfile

@@ -49,9 +49,10 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
+    chown -R 1000:1000 db log storage tmp /data
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/vite/Dockerfile

@@ -60,10 +60,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/windows/Dockerfile

@@ -53,10 +53,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3"

test/results/yjit/Dockerfile

@@ -49,10 +49,11 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     mkdir /data && \
-    chown -R rails:rails db log storage tmp /data
-USER rails:rails
+    chown -R 1000:1000 db log storage tmp /data
+USER 1000:1000
 
 # Deployment options
 ENV DATABASE_URL="sqlite3:///data/production.sqlite3" \