From d9867471a419f7479f7dd6819c5b5f355e47a2c9 Mon Sep 17 00:00:00 2001
From: Florian du Garage Num <makayabou@gmail.com>
Date: Tue, 30 Sep 2025 21:42:59 +0200
Subject: [PATCH] remove hard-coded uid 1000

---
 tutorcredentials/patches/k8s-deployments                      | 4 ++--
 .../templates/credentials/build/credentials/Dockerfile        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tutorcredentials/patches/k8s-deployments b/tutorcredentials/patches/k8s-deployments
index e8891c8..77279e1 100644
--- a/tutorcredentials/patches/k8s-deployments
+++ b/tutorcredentials/patches/k8s-deployments
@@ -15,8 +15,8 @@ spec:
         app.kubernetes.io/name: credentials
     spec:
       securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
+        runAsUser: {{ APP_USER_ID }}
+        runAsGroup: {{ APP_USER_ID }}
       containers:
         - name: credentials
           image: {{ CREDENTIALS_DOCKER_IMAGE }}
diff --git a/tutorcredentials/templates/credentials/build/credentials/Dockerfile b/tutorcredentials/templates/credentials/build/credentials/Dockerfile
index 5cbde20..1eb8859 100644
--- a/tutorcredentials/templates/credentials/build/credentials/Dockerfile
+++ b/tutorcredentials/templates/credentials/build/credentials/Dockerfile
@@ -111,7 +111,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     && apt install -y libxml2 libmysqlclient-dev media-types mailcap
 
 # From then on, run as unprivileged "app" user
-ARG APP_USER_ID=1000
+ARG APP_USER_ID={{ HOST_USER_ID }}
 RUN if [ "$APP_USER_ID" = 0 ]; then echo "app user may not be root" && false; fi
 RUN useradd --home-dir /openedx --create-home --shell /bin/bash --uid ${APP_USER_ID} app
 USER ${APP_USER_ID}