As far as I can tell, it’s impossible to write to disk as a non-root user inside a Docker container deployed on Heroku (creating a non-root user and chowning a directory via the Dockerfile works fine on my local machine).
I’m trying to create a simple API that ingests videos, processes them using ffmpeg and stores them. FFMPEG needs a disk path for its output (I tried using S3 pre-signed URLs, but they don’t work with HLS, which outputs multiple, dynamically-named files).
The containers deploy and work beautifully, locally…
Heroku runs Docker build instructions as a non-root user, but the mounted volume is still somehow owned by root, and cannot be written to by the user executing commands in the application.
I can’t figure out how to change directory permissions after the container’s file structure has been created. The build pipeline begins automatically on GitHub deploy by executing the heroku.yml, and it’s all insufficient permissions from there.
People don’t just give up on using the local disk entirely when deploying Docker to Heroku, do they??
Here’s my heroku.yml:

    build:
      docker:
        web: ./web/Dockerfile
      config:
        LC_ALL: C.UTF-8
        LANG: C.UTF-8
    run:
      worker:
        command:
          - rq worker --url redis://redistogo:xxxxxx/ my_queue
        image: web

and the salient Dockerfile (note that chmod and chown work fine locally):

    FROM ubuntu:18.04
    WORKDIR /usr/src/app
    COPY requirements.txt .
    RUN pip3 install --no-cache-dir -r requirements.txt
    COPY . .
    RUN adduser -q worker
    # RUN chmod -R 0777 /usr/src/app # fails with insufficient permission
    # RUN chown -R worker /usr/src/app # fails with insufficient permission
    USER worker
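
A runtime check for the situation described in the question, as an added example that is not part of the original post: it reports who owns a directory versus who the worker process runs as, and picks an output directory for the HLS segments without needing chown or chmod 0777. The names `describe` and `pick_output_dir` and the `hls-` prefix are hypothetical, and the fallback assumes the system temp directory is writable by the runtime user.

```python
import os
import stat
import tempfile


def describe(path):
    """Report ownership and mode of `path` next to the identity of this process."""
    st = os.stat(path)
    return {
        "path": path,
        "owner_uid": st.st_uid,
        "owner_gid": st.st_gid,
        "mode": stat.filemode(st.st_mode),
        "process_uid": os.geteuid(),
        # os.access checks the real uid; it is a hint, the mkdtemp below is the proof
        "writable": os.access(path, os.W_OK | os.X_OK),
    }


def pick_output_dir(preferred, prefix="hls-"):
    """Return a private directory that the current user can write segments into.

    Tries a fresh subdirectory of `preferred` first. If that fails (directory
    owned by another uid, read-only, or missing), falls back to a fresh
    directory under the system temp dir. Either way the result is created
    with mode 0700 and owned by the current uid, so no world-writable
    permissions are required.
    """
    try:
        return tempfile.mkdtemp(prefix=prefix, dir=preferred)
    except OSError:
        return tempfile.mkdtemp(prefix=prefix)


if __name__ == "__main__":
    app_dir = "/usr/src/app"  # WORKDIR from the Dockerfile in the question
    if os.path.exists(app_dir):
        print(describe(app_dir))
    out_dir = pick_output_dir(app_dir)
    print("ffmpeg output directory:", out_dir)
```

Logging the `describe` result once at worker start shows whether the mismatch is in ownership, mode, or the uid the process actually runs as.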