1 files changed, 19 insertions, 1 deletions

diff --git a/docker/integration_test/web/Dockerfile b/docker/integration_test/web/Dockerfile
index 2ba7a5d..b9b2ad7 100644
--- a/docker/integration_test/web/Dockerfile
+++ b/docker/integration_test/web/Dockerfile
@@ -1,6 +1,6 @@
 FROM archlinux:base
 
-RUN pacman -Suy --noconfirm && pacman -S openssl git --noconfirm
+RUN pacman -Suy --noconfirm && pacman -S openssh openssl git --noconfirm
 
 # Docker still have this really stupied idea that all files must be relative "context",
 # so context is set to ../.. relative the docker-compose.yaml
@@ -8,8 +8,26 @@ COPY server/target/x86_64-unknown-linux-musl/debug/eyeballs-githook /app/eyeball
 COPY server/target/debug/eyeballs /app/eyeballs
 COPY docker/integration_test/web/setup.sh /app/setup.sh
 
+RUN mkdir -p /git/auth /git/repos
+
+# git image runs as default git user, with uid 1000 gid 1000.
+# we need the same, but it can't be named git (as package git installs a git user)
+# so add another user with 1000 gid 1000 and make sure that shared files
+# (/git/auth and /git/repos) are owned by that user and not root.
+RUN useradd --no-create-home --uid 1000 --user-group -s /usr/bin/nologin alf
+
+RUN chown alf:alf /app
+RUN chown alf:alf /git/auth
+RUN chown alf:alf /git/repos
+VOLUME /git/auth
+VOLUME /git/repos
+
+USER alf:alf
+
 RUN mkdir -p -m 0700 /app/.ssh
 COPY docker/integration_test/web/gitkey /app/.ssh/id_rsa
 
 WORKDIR /app
 ENTRYPOINT /app/setup.sh
+
+HEALTHCHECK --start-period=1s --interval=1m --timeout=1s CMD curl -f http://localhost:8000/api/v1/healthcheck