🔨 Fix Docker permission errors with bind mounts

Bind-mounted project dirs failed on `buildozer init` with permission
denied because container UID/GID didn't match the host.
Add a lean entrypoint that maps the container user to the host UID/GID
 execs buildozer, fixing writes to `/home/user/hostcwd`.

See command used and error output:
```
docker run --volume "$(pwd)":/home/user/hostcwd kivy/buildozer init
Traceback (most recent call last):
  File "/home/user/.venv/bin/buildozer", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/user/.venv/lib/python3.12/site-packages/buildozer/scripts/client.py", line 16, in main
    Buildozer().run_command(sys.argv[1:])
  File "/home/user/.venv/lib/python3.12/site-packages/buildozer/__init__.py", line 672, in run_command
    getattr(self, cmd)(*args)
  File "/home/user/.venv/lib/python3.12/site-packages/buildozer/__init__.py", line 711, in cmd_init
    buildops.file_copy(join(dirname(__file__), 'default.spec'), 'buildozer.spec')
  File "/home/user/.venv/lib/python3.12/site-packages/buildozer/buildops.py", line 108, in file_copy
    copyfile(source, target)
  File "/usr/lib/python3.12/shutil.py", line 262, in copyfile
    with open(dst, 'wb') as fdst:
         ^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: 'buildozer.spec'
```

Author: AndreMiras

.github/workflows/docker.yml

@@ -56,7 +56,9 @@ jobs:
           tags: ${{ env.DOCKERHUB_IMAGE }}:latest
       # Run the locally built image to test it
       - name: Docker run
-        run: docker run ${{ env.DOCKERHUB_IMAGE }} --version
+        run: |
+          docker run ${{ env.DOCKERHUB_IMAGE }} --version
+          docker run --rm --volume "$PWD":/home/user/hostcwd ${{ env.DOCKERHUB_IMAGE }} init
 
   update-readme:
     runs-on: ubuntu-24.04

.github/workflows/test_python.yml

@@ -68,7 +68,7 @@ jobs:
     steps:
     - uses: actions/checkout@v5
     - name: Requirements
-      run: pip install -U sphinx sphinxawesome_theme
+      run: pip install --upgrade sphinx sphinxawesome_theme
     - name: Check links
       run: sphinx-build -b linkcheck docs/source docs/build
     - name: Generate documentation

Dockerfile

@@ -70,19 +70,16 @@ RUN apt update -qq > /dev/null \
     zip \
     zlib1g-dev
 
-# prepares non root env
-RUN useradd --create-home --shell /bin/bash ${USER}
-# with sudo access and no password
-RUN usermod -append --groups sudo ${USER}
-RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+# Create home directory and virtual environment
+RUN mkdir -p ${HOME_DIR} \
+    && python3 -m venv ${HOME_DIR}/.venv
 
-USER ${USER}
 WORKDIR ${WORK_DIR}
-COPY --chown=user:user . ${SRC_DIR}
+COPY . ${SRC_DIR}
+COPY --chmod=755 entrypoint.sh /usr/local/bin/entrypoint.sh
 
 # installs buildozer and dependencies from a virtual environment
 ENV PATH="${HOME_DIR}/.venv/bin:${PATH}"
-RUN python3 -m venv ${HOME_DIR}/.venv && \
-    pip3 install --upgrade "Cython<3.0" wheel pip ${SRC_DIR}
+RUN pip install --upgrade "Cython<3.0" wheel pip ${SRC_DIR}
 
-ENTRYPOINT ["buildozer"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

entrypoint.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Remap container user to host UID/GID (from /home/user/hostcwd) so that
+# buildozer can write to bind-mounted project dirs without permission errors.
+# Then exec buildozer as that user.
+
+# Get the host user's UID and GID from the mounted volume
+HOST_UID=$(stat --format %u /home/user/hostcwd)
+HOST_GID=$(stat --format %g /home/user/hostcwd)
+
+# Create group with host GID if it doesn't exist
+if ! getent group $HOST_GID > /dev/null 2>&1; then
+    groupadd --gid $HOST_GID hostgroup
+fi
+
+# Check if UID already exists
+if getent passwd $HOST_UID > /dev/null 2>&1; then
+    # UID exists, get the existing username
+    EXISTING_USER=$(getent passwd $HOST_UID | cut -d: -f1)
+    USER_NAME="$EXISTING_USER"
+else
+    # UID doesn't exist, create new user
+    USER_NAME="user"
+    useradd --uid $HOST_UID --gid $HOST_GID --home /home/user --shell /bin/bash --no-create-home $USER_NAME
+fi
+
+# Ensure home directory and venv ownership
+chown --recursive $HOST_UID:$HOST_GID /home/user
+
+# Switch to the user and execute buildozer
+exec $USER_NAME buildozer "$@"