feat(docker): move from inline script to entrypoint

apps/server/Dockerfile.alpine.rootless

@@ -41,25 +41,11 @@ ENV TRILIUM_DATA_DIR=/home/${USER}/trilium-data
 # Use dumb-init as entrypoint to handle signals properly
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 
-# This script will handle UID/GID checks and start the app
+# Copy the entrypoint script
-CMD [ "sh", "-c", "\
+COPY rootless-entrypoint.sh /home/${USER}/app/
-if [ \"${TRILIUM_UID}\" != \"$(id -u)\" ] || [ \"${TRILIUM_GID}\" != \"$(id -g)\" ]; then \
+RUN chmod +x /home/${USER}/app/rootless-entrypoint.sh
-  echo \"Detected UID:GID mismatch\"; \
+
-  if [ \"${TRILIUM_GID}\" != \"$(id -g)\" ]; then \
+# Use the entrypoint script
-    echo \"ERROR: Cannot change GID at runtime in rootless mode.\"; \
+CMD ["/home/${USER}/app/rootless-entrypoint.sh"]
-    echo \"       Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead.\"; \
-    exit 1; \
-  fi; \
-  if [ \"${TRILIUM_UID}\" != \"$(id -u)\" ]; then \
-    echo \"ERROR: Cannot change UID at runtime in rootless mode.\"; \
-    echo \"       Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead.\"; \
-    exit 1; \
-  fi; \
-fi; \
-# Make sure data directory has correct permissions \
-mkdir -p \"${TRILIUM_DATA_DIR}\"; \
-# Start the app \
-exec node ./main \
-" ]
 
 HEALTHCHECK --start-period=10s CMD node /home/${USER}/app/docker_healthcheck.js

apps/server/Dockerfile.rootless

@@ -40,27 +40,11 @@ ENV TRILIUM_UID=${UID}
 ENV TRILIUM_GID=${GID}
 ENV TRILIUM_DATA_DIR=/home/${USER}/trilium-data
 
-# This script will handle UID/GID remapping if needed and then start the app
+# Copy the entrypoint script
-CMD [ "sh", "-c", "\
+COPY rootless-entrypoint.sh /home/${USER}/app/
-if [ \"${TRILIUM_UID}\" != \"$(id -u)\" ] || [ \"${TRILIUM_GID}\" != \"$(id -g)\" ]; then \
+RUN chmod +x /home/${USER}/app/rootless-entrypoint.sh
-  echo \"Remapping user ${USER} to UID:GID ${TRILIUM_UID}:${TRILIUM_GID}\"; \
+
-  # Use 'id -u' and 'id -g' to get current UID and GID \
+# Use the entrypoint script
-  if [ \"${TRILIUM_GID}\" != \"$(id -g)\" ]; then \
+CMD ["/home/${USER}/app/rootless-entrypoint.sh"]
-    # Need root to modify user/group, but we can't use sudo, so we need to exit \
-    echo \"ERROR: Cannot change GID at runtime in rootless mode.\"; \
-    echo \"       Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead.\"; \
-    exit 1; \
-  fi; \
-  if [ \"${TRILIUM_UID}\" != \"$(id -u)\" ]; then \
-    echo \"ERROR: Cannot change UID at runtime in rootless mode.\"; \
-    echo \"       Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead.\"; \
-    exit 1; \
-  fi; \
-fi; \
-# Make sure data directory has correct permissions \
-mkdir -p \"${TRILIUM_DATA_DIR}\"; \
-# Start the app \
-exec node ./main \
-" ]
 
 HEALTHCHECK --start-period=10s CMD node /home/${USER}/app/docker_healthcheck.js

apps/server/rootless-entrypoint.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+# Rootless entrypoint script for Trilium Notes
+# Works with both Debian and Alpine-based images
+
+# Check if runtime UID/GID match the expected values
+if [ "${TRILIUM_UID}" != "$(id -u)" ] || [ "${TRILIUM_GID}" != "$(id -g)" ]; then
+  echo "Detected UID:GID mismatch (current: $(id -u):$(id -g), expected: ${TRILIUM_UID}:${TRILIUM_GID})"
+  # Check GID mismatch
+  if [ "${TRILIUM_GID}" != "$(id -g)" ]; then
+    echo "ERROR: Cannot change GID at runtime in rootless mode."
+    echo "       Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead."
+    exit 1
+  fi
+  # Check UID mismatch
+  if [ "${TRILIUM_UID}" != "$(id -u)" ]; then
+    echo "ERROR: Cannot change UID at runtime in rootless mode."
+    echo "       Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead."
+    exit 1
+  fi
+fi
+
+# Make sure data directory has correct permissions
+mkdir -p "${TRILIUM_DATA_DIR}"
+
+# Start the app
+exec node ./main