web-app-chess: fix Corepack/Yarn EACCES and switch to ARG-driven Dockerfile

• Add roles/web-app-chess/files/Dockerfile using build ARGs (CHESS_VERSION, CHESS_REPO_URL, CHESS_REPO_REF, CHESS_ENTRYPOINT_REL, CHESS_ENTRYPOINT_INT, CHESS_APP_DATA_DIR, CONTAINER_PORT). Enable Corepack/Yarn as root in the runtime stage to avoid EACCES on /usr/local/bin symlinks, then drop privileges to 'node'. • Delete Jinja-based templates/Dockerfile.j2; docker-compose now passes former Jinja vars via build.args. • Update templates/docker-compose.yml.j2 to forward all required build args. • Update config/main.yml: add CSP flag 'script-src-elem: unsafe-inline'. Ref: https://chatgpt.com/share/68b88d3d-3bd8-800f-9723-e8df0cdc37e2
2025-10-31 18:29:21 +00:00 · 2025-09-03 20:47:50 +02:00
parent 699a6b6f1e
commit 33a5fadf67
4 changed files with 77 additions and 53 deletions
--- a/roles/web-app-chess/templates/docker-compose.yml.j2
+++ b/roles/web-app-chess/templates/docker-compose.yml.j2
@@ -4,8 +4,13 @@
      context: .
      dockerfile: Dockerfile
      args:
+        CHESS_VERSION: "{{ CHESS_VERSION }}"
        CHESS_REPO_URL: "{{ CHESS_REPO_URL }}"
        CHESS_REPO_REF: "{{ CHESS_REPO_REF }}"
+        CHESS_ENTRYPOINT_REL: "{{ CHESS_ENTRYPOINT_REL }}"
+        CHESS_ENTRYPOINT_INT: "{{ CHESS_ENTRYPOINT_INT }}"
+        CHESS_APP_DATA_DIR: "{{ CHESS_APP_DATA_DIR }}"
+        CONTAINER_PORT: "{{ container_port | string }}"
    image: "{{ CHESS_CUSTOM_IMAGE }}"
    container_name: "{{ CHESS_CONTAINER }}"
    hostname: "{{ CHESS_HOSTNAME }}"