remove hard-coded uid 1000

tutordiscovery/patches/k8s-deployments

@@ -15,8 +15,8 @@ spec:
         app.kubernetes.io/name: discovery
     spec:
       securityContext:
-        runAsUser: 1000
+        runAsUser: {{ APP_USER_ID }}
-        runAsGroup: 1000
+        runAsGroup: {{ APP_USER_ID }}
       containers:
         - name: discovery
           image: {{ DISCOVERY_DOCKER_IMAGE }}
@@ -53,9 +53,9 @@ spec:
         app.kubernetes.io/name: elasticsearch
     spec:
       securityContext:
-        runAsUser: 1000
+        runAsUser: {{ APP_USER_ID }}
-        runAsGroup: 1000
+        runAsGroup: {{ APP_USER_ID }}
-        fsGroup: 1000
+        fsGroup: {{ APP_USER_ID }}
         fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - name: elasticsearch

tutordiscovery/patches/local-docker-compose-permissions-command

@@ -1 +1 @@
-{% if DISCOVERY_RUN_ELASTICSEARCH %}setowner 1000 /mounts/elasticsearch{% endif %}
+{% if DISCOVERY_RUN_ELASTICSEARCH %}setowner {{ APP_USER_ID }} /mounts/elasticsearch{% endif %}

tutordiscovery/patches/local-docker-compose-services

@@ -25,7 +25,7 @@ discovery:
         soft: -1
         hard: -1
     restart: unless-stopped
-    user: "1000:1000"
+    user: "{{ APP_USER_ID }}:{{ APP_USER_ID }}"
     volumes:
       - ../../data/elasticsearch:/usr/share/elasticsearch/data
     depends_on:

tutordiscovery/templates/discovery/build/discovery/Dockerfile

@@ -11,7 +11,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     pkg-config libsqlite3-dev media-types mailcap libbz2-dev liblzma-dev
 ENV LC_ALL=en_US.UTF-8
 
-ARG APP_USER_ID=1000
+ARG APP_USER_ID={{ HOST_USER_ID }}
 RUN if [ "$APP_USER_ID" = 0 ]; then echo "app user may not be root" && false; fi
 RUN useradd --home-dir /openedx --create-home --shell /bin/bash --uid ${APP_USER_ID} app
 USER ${APP_USER_ID}