Fix Docker installation for Mac, Windows, and Linux

[Copilot]

Docker installation failed on Mac (GID 20 conflict), Windows (invalid environment variables), and had a critical bug affecting all platforms.

Changes

docker/Dockerfile:

• Fixed useradd using ${GROUP_NAME} instead of ${USER_NAME} for username parameter
• Added conditional group creation with getent group ${GROUP_ID} || groupadd ... to handle pre-existing groups
• Changed chown to use ${GROUP_ID} instead of ${GROUP_NAME} for consistency

Makefile:

• Enhanced OS detection to explicitly handle Windows variants (MINGW, MSYS, CYGWIN)
• Mac and Windows now use fixed UID=1000/GID=1000 to avoid platform-specific conflicts
• Linux/WSL continues using actual user IDs via id -u and id -g

Example

# Before - fails on Mac when GID 20 already exists
groupadd --gid ${GROUP_ID} ${GROUP_NAME}
useradd --gid ${GROUP_ID} --uid ${USER_ID} ${GROUP_NAME}  # Wrong variable

# After - handles existing groups and uses correct username
getent group ${GROUP_ID} || groupadd --gid ${GROUP_ID} ${GROUP_NAME}
useradd --gid ${GROUP_ID} --uid ${USER_ID} ${USER_NAME}

# Before - no Windows detection, fails on Mac staff group
ifeq ($(shell uname), Darwin)
    export UID=1000
    export GID=1000
else
    export UID=$(shell id -u)
    export GID=$(shell id -g)
endif

# After - explicit platform handling
UNAME_S := $(shell uname -s 2>/dev/null || echo Unknown)
ifeq ($(UNAME_S),Darwin)
    export UID=1000
    export GID=1000
else ifneq (,$(findstring MINGW,$(UNAME_S)))
    export UID=1000
    export GID=1000
# ... (MSYS, CYGWIN)
else
    export UID=$(shell id -u)
    export GID=$(shell id -g)
endif

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• pecl.php.net
  • Triggering command: /usr/local/bin/php /usr/local/bin/php -C -q -d include_path=/usr/local/lib/php -d date.timezone=UTC -d output_buffering=1 -d variables_order=EGPCS -d safe_mode=0 -d register_argc_argv=On /usr/local/lib/php/peclcmd.php channel-update pecl.php.net (dns block)
  • Triggering command: /usr/local/bin/php /usr/local/bin/php -C -q -d include_path=/usr/local/lib/php -d date.timezone=UTC -d output_buffering=1 -d variables_order=EGPCS -d safe_mode=0 -d register_argc_argv=On /usr/local/lib/php/peclcmd.php channel-update pecl.php.net /usr/bin/sed ine (dns block)
  • Triggering command: /usr/local/bin/php /usr/local/bin/php -C -q -d include_path=/usr/local/lib/php -d date.timezone=UTC -d output_buffering=1 -d variables_order=EGPCS -d safe_mode=0 -d register_argc_argv=On /usr/local/lib/php/peclcmd.php install xdebug ]\)/\\\1/g /usr/bin/sed (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Installation with Docker doesn't work</issue_title>
<issue_description>To reproduce the issue just follow "Installation with Docker" section of README.md.

What is the expected result?

Get app installed and set up

What do you get instead?

Error:

$ git clone https://github.com/np25071984/app.git
Cloning into 'app'...
remote: Enumerating objects: 2383, done.
remote: Counting objects: 100% (864/864), done.
remote: Compressing objects: 100% (343/343), done.
remote: Total 2383 (delta 592), reused 674 (delta 500), pack-reused 1519 (from 1)
Receiving objects: 100% (2383/2383), 633.44 KiB | 2.21 MiB/s, done.
Resolving deltas: 100% (1347/1347), done.
$ cd app/
$ make composer update
[+] Building 1.2s (7/9)                                                                                         docker:desktop-linux
 => [app internal] load build definition from Dockerfile                                                                        0.0s
 => => transferring dockerfile: 1.51kB                                                                                          0.0s
 => [app internal] load metadata for ghcr.io/shyim/wolfi-php/frankenphp:8.3                                                     1.0s
 => [app internal] load metadata for docker.io/composer/composer:latest-bin                                                     0.7s
 => [app internal] load .dockerignore                                                                                           0.0s
 => => transferring context: 175B                                                                                               0.0s
 => CACHED [app base 1/2] FROM ghcr.io/shyim/wolfi-php/frankenphp:8.3@sha256:6dc27a62141eccc6dae6b568cf61b4660998d7e535367e314  0.0s
 => CACHED [app composer 1/1] FROM docker.io/composer/composer:latest-bin@sha256:33f6a46e1997c2ad441d4b7940e9a8e78d1b4b160510b  0.0s
 => ERROR [app base 2/2] RUN <<SH (set -eo pipefail...)                                                                         0.1s
------                                                                                                                               
 > [app base 2/2] RUN <<SH (set -eo pipefail...):
0.091 + addgroup -g 1697215263 -S www-data
0.092 addgroup: number 1697215263 is not in 0..256000 range
------
failed to solve: process "/bin/sh -c     set -eo pipefail\n    set -x\n\n    # Add www-data group and user.\n    addgroup -g ${GID} -S www-data\n    adduser -u ${UID} -D -S -G www-data www-data\n\n    # Set volume permissions.\n    mkdir -p /data /config /app/runtime && \\\n    chown -R www-data:www-data /data /config /app/runtime\n\n    # Install extra packages.\n    apk add --no-cache \\\n    php-frankenphp-8.3-opcache \\\n    php-frankenphp-8.3-mbstring \\\n    php-frankenphp-8.3-intl \\\n    php-frankenphp-8.3-dom \\\n    php-frankenphp-8.3-curl \\\n    php-frankenphp-8.3-phar \\\n    php-frankenphp-8.3-openssl \\\n    php-frankenphp-8.3-xml \\\n    php-frankenphp-8.3-xmlwriter \\\n    php-frankenphp-8.3-simplexml \\\n    php-frankenphp-8.3-pdo\n" did not complete successfully: exit code: 1
make: *** [run] Error 17

Additional info

Q	A
Version	master
PHP version	none
Operating system	MacOS 15.2
</issue_description>

<agent_instructions>Fix Makefile so it works in all these environments mentioned.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@samdark What do you have if you run `id` in a local console? @xepozz What Mac do you have? Also send please `whereis brew` result @xepozz I think it's better to create a new user and run docker there @samdark It is OK. The problem is Mac-specific. I'll solve it a bit later. @samdark ``` => ERROR [app dev 3/3] RUN groupadd --gid 20 appuser; useradd --gid 20 --uid 501 appuser; setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp; chown - 0.2s ------ > [app dev 3/3] RUN groupadd --gid 20 appuser; useradd --gid 20 --uid 501 appuser; setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp; chown -R appuser:appuser /data/caddy && chown -R appuser:appuser /config/caddy: 0.133 groupadd: GID '20' already exists 0.138 useradd warning: appuser's uid 501 outside of the UID_MIN 1000 and UID_MAX 60000 range. 0.202 chown: invalid group: 'appuser:appuser' ------ failed to solve: process "/bin/sh -c groupadd --gid ${GROUP_ID} ${GROUP_NAME}; useradd --gid ${GROUP_ID} --uid ${USER_ID} ${GROUP_NAME}; \tsetcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp...

• Fixes Installation with Docker doesn't work #340

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Begalov]

@samdark I can't confirm that the copilot worked

# make composer update
docker compose -f docker/compose.yml -f docker/dev/compose.yml run --rm app composer update
[+] Creating 1/1
 ✔ Network app_default  Created                                                                                      0.1s [+] Building 5.5s (12/12) FINISHED
 => [internal] load local bake definitions                                                                           0.0s  => => reading from stdin 606B                                                                                       0.0s  => [internal] load build definition from Dockerfile                                                                 0.0s  => => transferring dockerfile: 1.59kB                                                                               0.0s  => [internal] load metadata for docker.io/composer/composer:2-bin                                                   3.8s  => [internal] load metadata for docker.io/dunglas/frankenphp:1-php8.2-bookworm                                      3.7s  => [internal] load .dockerignore                                                                                    0.1s  => => transferring context: 154B                                                                                    0.0s  => [base 1/3] FROM docker.io/dunglas/frankenphp:1-php8.2-bookworm@sha256:58964249927ae663a1753f857ba62d196a0d16f80  0.1s  => => resolve docker.io/dunglas/frankenphp:1-php8.2-bookworm@sha256:58964249927ae663a1753f857ba62d196a0d16f8038cbb  0.1s  => [composer 1/1] FROM docker.io/composer/composer:2-bin@sha256:dbc7e2b32a383068e8f652e0f105c2e505df319f085d03c7b9  0.1s  => => resolve docker.io/composer/composer:2-bin@sha256:dbc7e2b32a383068e8f652e0f105c2e505df319f085d03c7b950d78b2fe  0.1s  => CACHED [base 2/3] RUN apt update && apt -y install     unzip                                                     0.0s  => CACHED [base 3/3] RUN install-php-extensions     opcache     mbstring     intl     dom     ctype     curl     p  0.0s  => CACHED [dev 1/3] RUN install-php-extensions     xdebug                                                           0.0s  => CACHED [dev 2/3] COPY --from=composer /composer /usr/bin/composer                                                0.0s  => ERROR [dev 3/3] RUN  getent group 0 || groupadd --gid 0 appuser;     useradd --gid 0 --uid 0 appuser;  setcap C  0.8s ------
 > [dev 3/3] RUN        getent group 0 || groupadd --gid 0 appuser;     useradd --gid 0 --uid 0 appuser;        setcap CAP
                                                        chown -R appuser:0 /data/caddy && chown -R appuser:0 /config/caddy:
0.418 root:x:0:
0.491 useradd: UID 0 is not unique
0.760 chown: invalid user: 'appuser:0'
------
Dockerfile:38

--------------------

  37 |     # Based on https://frankenphp.dev/docs/docker/#running-as-a-non-root-user

  38 | >>> RUN \

  39 | >>>      # Create group if it doesn't exist (handles Mac GID 20 conflict) \

  40 | >>>      getent group ${GROUP_ID} || groupadd --gid ${GROUP_ID} ${GROUP_NAME}; \

  41 | >>>      # Create user \

  42 | >>>     useradd --gid ${GROUP_ID} --uid ${USER_ID} ${USER_NAME}; \

  43 | >>>      # Add additional capability to bind to port 80 and 443 \

  44 | >>>      setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp; \

  45 | >>>      # Give write access to /data/caddy and /config/caddy (using GID for cross-platform compatibility) \

  46 | >>>      chown -R ${USER_NAME}:${GROUP_ID} /data/caddy && chown -R ${USER_NAME}:${GROUP_ID} /config/caddy

  47 |     USER ${USER_NAME}

--------------------

failed to solve: process "/bin/sh -c getent group ${GROUP_ID} || groupadd --gid ${GROUP_ID} ${GROUP_NAME};     useradd --gid ${GROUP_ID} --uid ${USER_ID} ${USER_NAME}; \tsetcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp; \tchown -R ${USER_NAME}:${GROUP_ID} /data/caddy && chown -R ${USER_NAME}:${GROUP_ID} /config/caddy" did not complete successfully: exit code: 1

make: *** [Makefile:81: composer] Error 1

# git branch
* (HEAD detached at origin/copilot/fix-docker-installation-issue)

# cat Makefile
CLI_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
$(eval $(sort $(subst :,\:,$(CLI_ARGS))):;@:)

PRIMARY_GOAL := $(firstword $(MAKECMDGOALS))
ifeq ($(PRIMARY_GOAL),)
    PRIMARY_GOAL := help
endif

include docker/.env

# Current user ID and group ID with platform-specific handling
# Detect OS
UNAME_S := $(shell uname -s 2>/dev/null || echo Unknown)

# MacOS: Use fixed UIDs to avoid conflicts with existing groups
ifeq ($(UNAME_S),Darwin)
    export UID=1000
    export GID=1000
# Windows (Git Bash/MSYS/MinGW): Use fixed UIDs
else ifneq (,$(findstring MINGW,$(UNAME_S)))
    export UID=1000
    export GID=1000
else ifneq (,$(findstring MSYS,$(UNAME_S)))
    export UID=1000
    export GID=1000
else ifneq (,$(findstring CYGWIN,$(UNAME_S)))
    export UID=1000
    export GID=1000
# Linux (including WSL): Use current user's IDs
else
    export UID=$(shell id -u)
    export GID=$(shell id -g)
endif
...

but this worked well for me under Alpine Linux over wsl

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 4506010..635cee0 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -41,9 +41,9 @@ RUN \
        # Create user \
     useradd --gid ${GROUP_ID} --uid ${USER_ID} ${USER_NAME}; \
        # Add additional capability to bind to port 80 and 443 \
-       setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp; \
+       setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp;
        # Give write access to /data/caddy and /config/caddy (using GID for cross-platform compatibility) \
-       chown -R ${USER_NAME}:${GROUP_ID} /data/caddy && chown -R ${USER_NAME}:${GROUP_ID} /config/caddy
+       # chown -R ${USER_NAME}:${GROUP_ID} /data/caddy && chown -R ${USER_NAME}:${GROUP_ID} /config/caddy
 USER ${USER_NAME}