Run Docker container with a specific user.

Pass --user (`DOCKER_USER`) attribute when creating the container.

This has no effect in production since we are using the same user and
group than the one defined inside the Dockerfile image (docs:docs).
Although, this allow us to avoid permissions conflicts when running
the build with Docker locally (development) since we can pass our
current user.

That way, every file created/modified inside the container will be
done using the current UID and GID defined by the developer.

This can be done as,

local_settings.py
DOCKER_USER = f'{os.geteuid()}:{os.getegid()}'

With this change, there is no need to re-build the Docker image used
in production with our own custom `USER` instruction.

https://docs.docker.com/engine/reference/run/#user

Co-authored-by: Raúl Cumplido <raulcumplido@gmail.com>

readthedocs/doc_builder/environments.py

@@ -1025,6 +1025,7 @@ def create_container(self):
                 host_config=self.get_container_host_config(),
                 detach=True,
                 environment=self.environment,
+                user=settings.DOCKER_USER,
             )
             client.start(container=self.container_id)
         except ConnectionError:

readthedocs/settings/base.py

@@ -276,6 +276,15 @@ def USE_PROMOS(self):  # noqa
 
     # Docker
     DOCKER_ENABLE = False
+
+    # User used to create the container.
+    # In production we use the same user than the one defined by the
+    # ``USER docs`` instruction inside the Dockerfile.
+    # In development, we can use the "UID:GID" of the current user running the
+    # instance to avoid file permissions issues.
+    # https://docs.docker.com/engine/reference/run/#user
+    DOCKER_USER = 'docs:docs'
+
     DOCKER_DEFAULT_IMAGE = 'readthedocs/build'
     DOCKER_DEFAULT_VERSION = 'latest'
     DOCKER_IMAGE = '{}:{}'.format(DOCKER_DEFAULT_IMAGE, DOCKER_DEFAULT_VERSION)