We extensively use Docker at FUN. Mostly for developement, but also in production. In this document, you will find a few guidelines on how we write, run and manage our containers.

Docker/host user mapping

it is commonly assumed that Docker containers should not run commands with a privileged account as the root user. So it's a good practice to create and declare a USER in your Dockerfile. When a docker volume is mounted from the host to a container, you may then encounter permission issues with the container's user trying to create new files on the host volume (e.g. when installing dependencies with npm), and this is a good thing! But it is a bit annoying as it may break your development workflow.

A workaround to solve this issue is to use the --user option of docker(-compose) run:

$ docker-compose run --rm --user="$(id -u):$(id -g)" node yarn install

In the previous example, we force our local user id and primary group id both accessible in a shell context via the id command. This little trick can also be used in a Makefile:

# Docker
COMPOSE              = docker-compose
COMPOSE_RUN          = $(COMPOSE) run --rm
COMPOSE_RUN_NODE     = $(COMPOSE_RUN) --user="$(id -u):$(id -g)" node

# Node
YARN                 = $(COMPOSE_RUN_NODE) yarn

build-saas: ## build Sass files to CSS
    @$(YARN) sass
.PHONY: build-saas