fix(input): run watcher as codex user

2025-10-15 17:38:07 -05:00
parent 92fc6e5d68
commit b359b39b50
3 changed files with 7 additions and 51 deletions
--- a/input/Docker/Dockerfile
+++ b/input/Docker/Dockerfile
@@ -11,7 +11,6 @@ RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        python3 \
        python3-venv \
-        gosu \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

@@ -19,8 +18,9 @@ RUN apt-get update \
 # The CLI expects credentials/configuration from the mounted ~/.codex directory.
 RUN npm install --location=global @openai/codex

-RUN groupadd -r codex && \
-    useradd -r -m -g codex -s /bin/bash codex
+RUN groupmod --new-name codex node \
+    && usermod --login codex --home /home/codex --move-home node \
+    && chown -R codex:codex /home/codex

 WORKDIR /app

@@ -28,4 +28,6 @@ COPY watch_and_customize.py entrypoint.sh JobDescriptionNormalizerPrompt.md ./

 RUN chmod +x /app/watch_and_customize.py /app/entrypoint.sh

+USER codex
+
 ENTRYPOINT ["/app/entrypoint.sh"]
--- a/input/Docker/docker-compose.yml
+++ b/input/Docker/docker-compose.yml
@@ -8,8 +8,6 @@ services:
    container_name: RCEO-AI-ResumeCustomizer-InputProcessor
    restart: "no"
    environment:
-      PUID: "${LOCAL_UID:-1000}"
-      PGID: "${LOCAL_GID:-1000}"
      POLL_INTERVAL_SECONDS: "${POLL_INTERVAL_SECONDS:-5}"
      CODEX_TIMEOUT_SECONDS: "${CODEX_TIMEOUT_SECONDS:-600}"
    volumes:
--- a/input/Docker/entrypoint.sh
+++ b/input/Docker/entrypoint.sh
@@ -1,58 +1,14 @@
 #!/usr/bin/env bash
 set -euo pipefail

-USER_NAME=codex
-PUID=${PUID:-1000}
-PGID=${PGID:-1000}
-
-ensure_group() {
-  local desired_gid=$1
-  local group_name
-
-  if getent group "${desired_gid}" >/dev/null 2>&1; then
-    group_name=$(getent group "${desired_gid}" | cut -d: -f1)
-    echo "${group_name}"
-    return 0
-  fi
-
-  if getent group "${USER_NAME}" >/dev/null 2>&1; then
-    groupmod -o -g "${desired_gid}" "${USER_NAME}"
-    echo "${USER_NAME}"
-    return 0
-  fi
-
-  groupadd -o -g "${desired_gid}" "${USER_NAME}"
-  echo "${USER_NAME}"
-}
-
-ensure_user() {
-  local desired_uid=$1
-  local primary_group=$2
-
-  if getent passwd "${USER_NAME}" >/dev/null 2>&1; then
-    usermod -o -u "${desired_uid}" -g "${primary_group}" -d "/home/${USER_NAME}" -s /bin/bash "${USER_NAME}"
-  else
-    useradd -o -m -u "${desired_uid}" -g "${primary_group}" -s /bin/bash "${USER_NAME}"
-  fi
-}
-
-GROUP_NAME=$(ensure_group "${PGID}")
-ensure_user "${PUID}" "${GROUP_NAME}"
-
+USER_NAME=${USER_NAME:-codex}
 USER_HOME=$(eval echo "~${USER_NAME}")

 mkdir -p /workspace/inbox /workspace/outbox /workspace/processed /workspace/failed
 mkdir -p "${USER_HOME}/.codex"

-for path in /workspace/inbox /workspace/outbox /workspace/processed /workspace/failed "${USER_HOME}" "${USER_HOME}/.codex"; do
-  if [ -e "${path}" ]; then
-    chown -R "${PUID}:${PGID}" "${path}"
-  fi
-done
-
 export HOME="${USER_HOME}"
 export XDG_CACHE_HOME="${USER_HOME}/.cache"
 mkdir -p "${XDG_CACHE_HOME}"
-chown -R "${PUID}:${PGID}" "${XDG_CACHE_HOME}"

-exec gosu "${PUID}:${PGID}" python3 /app/watch_and_customize.py
+exec python3 /app/watch_and_customize.py