Ensure permissions on volumes are correct

mv public directory inside a single RUN to not increase the image

debian/Dockerfile

@@ -58,11 +58,8 @@ RUN chown www-data:www-data /var/www \
         && chmod -R 755 /var/www/.chrome; \
     fi
 
-# Install PHP extensions installer
-ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
-
 # Install Required PHP extensions.
-RUN install-php-extensions \
+RUN ( curl -sSLf https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions -o - || echo 'return 1' ) | sh -s \
     bcmath \
     exif \
     gd \
@@ -86,24 +83,24 @@ COPY rootfs /
 
 USER www-data
 
-# Download and extract application
-RUN set -eux; \ 
-    DOWNLOAD_URL=$(curl -s "https://api.github.com/repos/invoiceninja/invoiceninja/releases/latest" | \
-    grep -o '"browser_download_url": "[^"]*invoiceninja.tar"' | cut -d '"' -f 4) && \
-    curl -L "$DOWNLOAD_URL" | tar -oxvz -C /var/www/html
-
-RUN cp /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html
-
-# Set working directory
 WORKDIR /var/www/html
 
-# Install dependencies
-RUN composer install --no-dev --no-scripts --no-autoloader
-
-# Generate optimized autoloader and clear cache
-RUN composer dump-autoload --optimize \
+# Setup InvoiceNinja
+RUN curl -s "https://api.github.com/repos/invoiceninja/invoiceninja/releases/latest" | \
+    grep -o '"browser_download_url": "[^"]*invoiceninja.tar"' | cut -d '"' -f 4 | \
+    xargs curl -L | tar -oxvz -C /var/www/html \
+    && cp /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html \
+    # File permissions
+    && find /var/www/html/ -type f -exec chmod 644 {} \; \
+    # Directory permissions
+    && find /var/www/html/ -type d -exec chmod 755 {} \; \
+    # Install dependencies
+    && composer install --no-dev --no-scripts --no-autoloader \
+    && composer dump-autoload --optimize \
     && php artisan optimize \
-    && php artisan storage:link
+    && php artisan storage:link \
+    # Workaround for application updates
+    && mv /var/www/html/public /tmp/public
 
 USER root
 
@@ -113,10 +110,6 @@ COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 # Add initialization script
 COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh
 
-# Create upload directories
-RUN mkdir -p /var/www/html/public/uploads \
-    && chmod -R 775 /var/www/html/public/uploads
-
 # Health check
 HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
     CMD php -v || exit 1

debian/docker-compose.yml

@@ -13,13 +13,13 @@ services:
     env_file:
       - ./.env
     volumes:
-      - ./.env:/var/www/html/.env:ro
+      - ./.env:/var/www/html/.env
       - ./php/php.ini:/usr/local/etc/php/conf.d/zzz-php.ini:ro
       - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz-php-fpm.conf:ro
       - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
       - app_storage:/var/www/html/storage
       - app_cache:/var/www/html/bootstrap/cache
-      - image_public:/var/www/html/public:ro
+      - image_public:/var/www/html/public
     networks:
       - app-network
     depends_on:

debian/scripts/init.sh

@@ -29,10 +29,23 @@ docker_process_init_files() {
     done
 }
 
+# Workaround for application updates
+rm -rf /var/www/html/public/*
+mv /tmp/public/* /var/www/html/public/
+
+# Create upload directory
+mkdir -p /var/www/html/public/uploads
+
 # Ensure owner, file and directory permissions are correct
-chown -R www-data:www-data /var/www/html/
-find /var/www/html/ -type f -exec chmod 644 {} \;
-find /var/www/html/ -type d -exec chmod 755 {} \;
+chown -R www-data:www-data \
+    /var/www/html/storage \
+    /var/www/html/public
+find /var/www/html/storage \
+    /var/www/html/public \
+        -type f -exec chmod 644 {} \;
+find /var/www/html/storage \
+    /var/www/html/public \
+        -type d -exec chmod 755 {} \;
 
 # Clear and cache config in production
 if [ "$APP_ENV" = "production" ]; then