#!/usr/bin/env bash set -euo pipefail USER_NAME="developer" CURRENT_UID=$(id -u "$USER_NAME") CURRENT_GID=$(id -g "$USER_NAME") # ── UID/GID adjustment ─────────────────────────────────────────────── # Priority: env vars > auto-detect from /workspace > default (1000) TARGET_UID="${USER_UID:-}" TARGET_GID="${USER_GID:-}" # Auto-detect from /workspace owner if env vars not set if [ -z "$TARGET_UID" ] && [ -d /workspace ]; then WORKSPACE_UID=$(stat -c '%u' /workspace 2>/dev/null || stat -f '%u' /workspace 2>/dev/null) WORKSPACE_GID=$(stat -c '%g' /workspace 2>/dev/null || stat -f '%g' /workspace 2>/dev/null) # Only adjust if workspace is owned by a non-root user if [ "$WORKSPACE_UID" != "0" ] && [ "$WORKSPACE_UID" != "$CURRENT_UID" ]; then TARGET_UID="$WORKSPACE_UID" TARGET_GID="${TARGET_GID:-$WORKSPACE_GID}" fi fi # Apply UID/GID changes if needed if [ -n "$TARGET_GID" ] && [ "$TARGET_GID" != "$CURRENT_GID" ]; then groupmod -g "$TARGET_GID" "$USER_NAME" 2>/dev/null || true find /home/"$USER_NAME" -not -path "/home/$USER_NAME/.ssh/*" -group "$CURRENT_GID" -exec chgrp "$TARGET_GID" {} + 2>/dev/null || true fi if [ -n "$TARGET_UID" ] && [ "$TARGET_UID" != "$CURRENT_UID" ]; then usermod -u "$TARGET_UID" "$USER_NAME" 2>/dev/null || true find /home/"$USER_NAME" -not -path "/home/$USER_NAME/.ssh/*" -user "$CURRENT_UID" -exec chown "$TARGET_UID" {} + 2>/dev/null || true echo "Adjusted developer UID:GID to $TARGET_UID:${TARGET_GID:-$CURRENT_GID}" fi # ── SSH key permissions ────────────────────────────────────────────── # If SSH keys are mounted, fix permissions (bind mounts may have wrong perms) if [ -d "/home/$USER_NAME/.ssh" ] && [ "$(ls -A "/home/$USER_NAME/.ssh" 2>/dev/null)" ]; then chmod 700 "/home/$USER_NAME/.ssh" find "/home/$USER_NAME/.ssh" -type f -name "id_*" ! -name "*.pub" -exec chmod 600 {} \; 2>/dev/null || true find "/home/$USER_NAME/.ssh" -type f -name "*.pub" -exec chmod 644 {} \; 2>/dev/null || true [ -f "/home/$USER_NAME/.ssh/known_hosts" ] && chmod 644 "/home/$USER_NAME/.ssh/known_hosts" [ -f "/home/$USER_NAME/.ssh/config" ] && chmod 600 "/home/$USER_NAME/.ssh/config" fi # ── Drop to developer user for remaining setup ────────────────────── exec gosu "$USER_NAME" /usr/local/bin/entrypoint-user.sh "$@"