Make user ID configurable in Dockerfiles

[Fisiu]

Description

This PR makes the UID of the semaphore user inside the Docker container configurable at build time.

Why?
Many users run Semaphore on Linux hosts and want to avoid permission issues with mounted volumes (/var/lib/semaphore, Ansible venv, etc.) by matching the container UID with their host user UID.

Changes

• Added ARG USER_ID=1001 in the final Docker stage
• Updated adduser to use ${USER_ID}
• Updated COPY --chown= instruction
• Changed final USER instruction to USER ${USER_ID}
• Kept full backward compatibility (default remains 1001)

Usage

Build with custom UID:

docker build --build-arg USER_ID=1000 -t semaphore:custom .

Run with custom UID:

---
# docker-compose.yml

services:
  semaphore:
    image: semaphoreui/semaphore:latest
    user: "1000"          # or "${UID:-1001}"
    volumes:
      - ./data:/var/lib/semaphore

[cursor]

Security review (automation): PR #3853

Scope: deployment/docker/server/Dockerfile and deployment/docker/runner/Dockerfile — configurable container UID via ARG USER_ID=1001.

Outcome: No medium, high, or critical issues identified in the changed code.

Analysis (brief):

• The new value is a Docker build-time ARG with default 1001, substituted into adduser -u, COPY --chown, and USER. It does not expose Semaphore’s HTTP/API or runtime config to new attacker-controlled input.
• Official release workflows (e.g. .github/workflows/community_release.yml) do not pass USER_ID from PRs or other untrusted sources; downstream operators who control docker build already control the Dockerfile and build context.
• Choosing USER_ID=0 would run the process as root inside the image; that is an intentional deployment choice and was already achievable before this change (e.g. docker run --user 0), not a new auth boundary in the application.

No inline findings were filed because nothing met the bar for a substantiated medium+ vulnerability tied to this diff.

  

_{Sent by Cursor Automation: Find vulnerabilities}