From d0f8a3ed7137e6f4a8e89bd1c8967af7cc494713 Mon Sep 17 00:00:00 2001
From: Ernesto Baschny
Date: Tue, 23 Apr 2024 22:55:37 +0200
Subject: [PATCH 1/2] Use "path context" for docker build

The default "git context" will garble the file permissions. Apparently there is a "umask 000" (all files get 666/777 permissions). This affects the "COPY /files/ssh/ /"
---
 .github/workflows/build-and-push.yml | 2 ++
 .github/workflows/build-only.yml | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
index ff7c58d..c35eea3 100644
--- a/.github/workflows/build-and-push.yml
+++ b/.github/workflows/build-and-push.yml
@@ -45,6 +45,7 @@ jobs:
 - name: "Docker build and push (fpm image)"
 uses: docker/build-push-action@v4
 with:
+ context: .
 tags: "croneu/phpapp-fpm:php-${{ matrix.php-version }}"
 platforms: ${{ env.PLATFORMS }}
 push: true
@@ -103,6 +104,7 @@ jobs:
 - name: "Docker build and push (ssh image)"
 uses: docker/build-push-action@v4
 with:
+ context: .
 tags: "croneu/phpapp-ssh:php-${{ matrix.php-version }}-node-${{ matrix.node-version }}"
 platforms: ${{ env.PLATFORMS }}
 push: true
diff --git a/.github/workflows/build-only.yml b/.github/workflows/build-only.yml
index 501209e..d828483 100644
--- a/.github/workflows/build-only.yml
+++ b/.github/workflows/build-only.yml
@@ -32,6 +32,7 @@ jobs:
 - name: "Docker build only (fpm image)"
 uses: docker/build-push-action@v4
 with:
+ context: .
 tags: "croneu/phpapp-fpm:php-${{ matrix.php-version }}"
 platforms: ${{ env.PLATFORMS }}
 push: false
@@ -68,6 +69,7 @@ jobs:
 - name: "Docker build only (ssh image)"
 uses: docker/build-push-action@v4
 with:
+ context: .
 tags: "croneu/phpapp-ssh:php-${{ matrix.php-version }}-node-${{ matrix.node-version }}"
 platforms: ${{ env.PLATFORMS }}
 push: false
From 909263513e7da9de84ae0e6e9d6e0f0a27aefbfb Mon Sep 17 00:00:00 2001
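Review bot: The added `context: .` line in the fpm step's `with:` block has no comment, so the reason for it lives only in the commit message and a later cleanup could drop it as redundant. I would put `# path context: the default git context loses file modes (files arrive as 666/777)` above it, and do the same in the ssh step of this file and in both steps of build-only.yml. With a path context the build reads the runner workspace, so each job needs a checkout step before this one; the job bodies begin outside these hunks, so that cannot be confirmed from here. The workspace also holds `.git`, which presumably enters the build context unless a `.dockerignore` excludes it; that is worth checking, because checkout can leave a token in the repository's git config.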
From: Ernesto Baschny Date: Tue, 23 Apr 2024 23:02:24 +0200 Subject: [PATCH 2/2] Fix permissions of copied files Make sure the copied files have the correct permissions regardless on how docker copies them with "COPY" (so it does not depend on local environmental circumstances). --- Dockerfile | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1776b6c..4c1297a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -123,7 +123,7 @@ RUN rm -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini # Add entrypoint scripts COPY files/entrypoint*.sh / -RUN chmod +x /*.sh +RUN chmod 755 /*.sh # Configure PHP and PHP-FPM ADD files/php.ini /usr/local/etc/php/conf.d/zz-01-custom.ini @@ -214,10 +214,18 @@ HEALTHCHECK --interval=5s --timeout=1s CMD pgrep sshd > /dev/null || exit 1 RUN usermod -s /bin/bash application COPY files/ssh/ / +COPY files/entrypoint-extras.sh / +# Fix permissions of copied files +RUN <<-EOF + set -ex + chmod 755 /etc /etc/profile.d /etc/profile.d/docker-prompt.sh + find /home -type d -exec chmod 755 {} \; + find /home -type f -exec chmod 644 {} \; + chmod 755 /*.sh +EOF # Disable XDEBUG by default (can be enabled via XDEBUG_MODE in entrypoint-extras.sh RUN rm -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini -COPY files/entrypoint-extras.sh / RUN chmod +x /*.sh && chown -R application: /home/application
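Review bot: The two `find /home` lines in the new `RUN <<-EOF` block set every directory under /home to 755 and every file to 644, which makes everything that `COPY files/ssh/ /` places there world-readable and strips the execute bit from any script under /home. The contents of files/ssh/ are not visible in this patch; if it ships private keys or other secrets under /home, 644 leaves them readable by every user in the container, and the ssh client refuses private keys with such modes. In that case a follow-up such as `find /home -type d -name .ssh -exec chmod 700 {} \;`, plus 600 on the key files, belongs after the sweep. The heredoc form of RUN needs BuildKit, so the comment could read `# Fix permissions of copied files (heredoc RUN requires BuildKit)`. The unchanged last line of the hunk still runs `chmod +x /*.sh`, which the block's `chmod 755 /*.sh` now makes redundant.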