docker: make runtime image user/group creation robust in Dockerfile.server (support HOST_UID/HOST_GID; reuse existing UID/GID; chown by numeric UID:GID; use numeric USER)

Dockerfile.server

@@ -14,6 +14,10 @@ RUN npm run build
 ## Production image
 FROM node:20-alpine AS runtime
 
+# Allow host UID/GID to be specified at build time.
+ARG HOST_UID=1000
+ARG HOST_GID=1000
+
 WORKDIR /
 
 # Copy built server
@@ -21,7 +25,25 @@ COPY --from=builder /server/dist ./server/dist
 COPY --from=builder /server/node_modules ./server/node_modules
 COPY server/package*.json /server/
 
+## Create hostuser in runtime image so runtime-created files have proper uid/gid
+RUN if ! getent group ${HOST_GID} >/dev/null 2>&1; then \
+			addgroup -g ${HOST_GID} hostgroup; \
+		else \
+			echo "group for GID ${HOST_GID} already exists"; \
+		fi
+
+RUN if ! getent passwd ${HOST_UID} >/dev/null 2>&1; then \
+			adduser -D -u ${HOST_UID} -G hostgroup hostuser; \
+		else \
+			echo "user for UID ${HOST_UID} already exists"; \
+			mkdir -p /home/hostuser || true; \
+		fi
+
+RUN chown -R ${HOST_UID}:${HOST_GID} /server || true
+
 WORKDIR /server
 ENV NODE_ENV=production
+ENV HOME=/home/hostuser
+USER ${HOST_UID}:${HOST_GID}
 EXPOSE 8930
 CMD ["npm", "start"]