We extensively use Docker at FUN. Mostly for developement, but also in production. In this document, you will find a few guidelines on how we write, run and manage our containers.
it is commonly assumed that Docker containers should not run commands with a privileged account as the root user. So it's a good practice to create and declare a USER in your Dockerfile. When a docker volume is mounted from the host to a container, you may then encounter permission issues with the container's user trying to create new files on the host volume (e.g. when installing dependencies with npm), and this is a good thing! But it is a bit annoying as it may break your development workflow.
A workaround to solve this issue is to use the --user option of docker(-compose) run:
$ docker-compose run --rm --user="$(id -u):$(id -g)" node yarn install
In the previous example, we force our local user id and primary group id both accessible in a shell context via the id command. This little trick can also be used in a Makefile:
# Docker
COMPOSE = docker-compose
COMPOSE_RUN = $(COMPOSE) run --rm
COMPOSE_RUN_NODE = $(COMPOSE_RUN) --user="$(id -u):$(id -g)" node
# Node
YARN = $(COMPOSE_RUN_NODE) yarn
build-saas: ## build Sass files to CSS
@$(YARN) sass
.PHONY: build-saas