From 79dde723bd0926119ae93d69309121b7e1d88f6a Mon Sep 17 00:00:00 2001
From: Benjamin Brummer <benjamin.brummer@pinteam.eu>
Date: Wed, 29 Oct 2025 08:33:47 +0100
Subject: [PATCH 1/4] ADD sets rw only for root

---
 debian/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/Dockerfile b/debian/Dockerfile
index 13333be..4797c3c 100644
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -2,7 +2,7 @@ ARG PHP=8.4
 
 FROM php:${PHP}-fpm AS prepare-app
 
-ADD https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz /tmp/invoiceninja.tar.gz
+ADD --chown=www-data:www-data https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz /tmp/invoiceninja.tar.gz
 
 USER www-data
 

From cf822e0de99aa26430852800688747fec15cb3da Mon Sep 17 00:00:00 2001
From: Benjamin Brummer <benjamin.brummer@pinteam.eu>
Date: Wed, 29 Oct 2025 13:38:29 +0100
Subject: [PATCH 2/4] url as argument

---
 .github/workflows/publish-image-debian.yaml | 6 +++++-
 debian/Dockerfile                           | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish-image-debian.yaml b/.github/workflows/publish-image-debian.yaml
index bcc53df..3a40c99 100644
--- a/.github/workflows/publish-image-debian.yaml
+++ b/.github/workflows/publish-image-debian.yaml
@@ -15,6 +15,7 @@ jobs:
       version: ${{ steps.version.outputs.version }}
       major: ${{ steps.version.outputs.major }}
       minor: ${{ steps.version.outputs.minor }}
+      url: ${{ steps.version.outputs.url }}
     steps:
       - id: version
         run: |
@@ -25,6 +26,7 @@ jobs:
           fi
           MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
           MINOR="$(echo "${VERSION}" | cut -d. -f2)"
+          URL=https://github.com/invoiceninja/invoiceninja/releases/download/v${VERSION}/invoiceninja.tar.gz
 
           # Debug output
           echo "Current version: ${VERSION}"
@@ -33,6 +35,8 @@ jobs:
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
           echo "major=${MAJOR}" >> $GITHUB_OUTPUT
           echo "minor=${MINOR}" >> $GITHUB_OUTPUT
+          echo "minor=${MINOR}" >> $GITHUB_OUTPUT
+          echo "url=${URL}" >> $GITHUB_OUTPUT
 
   build:
     runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
@@ -75,7 +79,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: debian
-          build-args: INVOICENINJA_VERSION=${{ needs.version.outputs.version }}
+          build-args: URL=${{ needs.version.outputs.url }}
           platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
           tags: ${{ env.REGISTRY_IMAGE }}
diff --git a/debian/Dockerfile b/debian/Dockerfile
index 4797c3c..4e9b61d 100644
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -2,7 +2,9 @@ ARG PHP=8.4
 
 FROM php:${PHP}-fpm AS prepare-app
 
-ADD --chown=www-data:www-data https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz /tmp/invoiceninja.tar.gz
+ARG URL=https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz
+
+ADD --chown=www-data:www-data ${URL} /tmp/invoiceninja.tar.gz
 
 USER www-data
 

From af5e8d6b4f6ace36b70fa55a02e0f6d66f8e78fb Mon Sep 17 00:00:00 2001
From: Benjamin Brummer <benjamin.brummer@pinteam.eu>
Date: Wed, 29 Oct 2025 13:49:25 +0100
Subject: [PATCH 3/4] remove duplicate line

---
 .github/workflows/publish-image-debian.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/publish-image-debian.yaml b/.github/workflows/publish-image-debian.yaml
index 3a40c99..20fa057 100644
--- a/.github/workflows/publish-image-debian.yaml
+++ b/.github/workflows/publish-image-debian.yaml
@@ -35,7 +35,6 @@ jobs:
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
           echo "major=${MAJOR}" >> $GITHUB_OUTPUT
           echo "minor=${MINOR}" >> $GITHUB_OUTPUT
-          echo "minor=${MINOR}" >> $GITHUB_OUTPUT
           echo "url=${URL}" >> $GITHUB_OUTPUT
 
   build:

From 40817ae28c6d93f820c311746af400307f71dd16 Mon Sep 17 00:00:00 2001
From: Benjamin Brummer <benjamin.brummer@pinteam.eu>
Date: Wed, 29 Oct 2025 14:16:12 +0100
Subject: [PATCH 4/4] move chown to next stage

---
 debian/Dockerfile | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/debian/Dockerfile b/debian/Dockerfile
index 4e9b61d..74d5c0a 100644
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -4,9 +4,7 @@ FROM php:${PHP}-fpm AS prepare-app
 
 ARG URL=https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz
 
-ADD --chown=www-data:www-data ${URL} /tmp/invoiceninja.tar.gz
-
-USER www-data
+ADD ${URL} /tmp/invoiceninja.tar.gz
 
 RUN tar -xzf /tmp/invoiceninja.tar.gz -C /var/www/html \
     && ln -s /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html \
@@ -78,8 +76,8 @@ RUN echo "skip-ssl = true" >> /etc/mysql/mariadb.conf.d/50-client.cnf
 COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
 # Setup InvoiceNinja
-COPY --from=prepare-app /var/www/html /var/www/html
-COPY --from=prepare-app /tmp/public /tmp/public
+COPY --from=prepare-app --chown=www-data:www-data /var/www/html /var/www/html
+COPY --from=prepare-app --chown=www-data:www-data /tmp/public /tmp/public
 
 # Add initialization script
 COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh