fix: CI/CD permission fix

.gitlab-ci.yml

@@ -21,6 +21,8 @@ default:
   after_script:
     - echo "Fixing file permissions..."
     - sudo chown -R gitlab-runner:gitlab-runner "$DEPLOY_PATH" 2>/dev/null || true
+    # Keep data directories owned by container user
+    - sudo chown -R 1001:1001 "$DEPLOY_PATH/data/backups" "$DEPLOY_PATH/data/documents" 2>/dev/null || true
 
 # Validate Stage - Check prerequisites
 validate:
@@ -73,26 +75,30 @@ deploy:
     - echo "Deploying MotoVaultPro..."
     - echo "=========================================="
     - cd "$DEPLOY_PATH"
-    - echo "Step 1/7 Injecting secrets..."
+    - echo "Step 1/8 Initializing data directories..."
+    - mkdir -p data/backups data/documents
+    - sudo chown -R 1001:1001 data/backups data/documents
+    - chmod 755 data/backups data/documents
+    - echo "Step 2/8 Injecting secrets..."
     - chmod +x scripts/inject-secrets.sh
     - ./scripts/inject-secrets.sh
-    - echo "Step 2/7 Stopping existing services..."
+    - echo "Step 3/8 Stopping existing services..."
     - docker compose -f $DOCKER_COMPOSE_FILE -f $DOCKER_COMPOSE_PROD_FILE down --timeout 30 || true
-    - echo "Step 3/7 Pulling base images..."
+    - echo "Step 4/8 Pulling base images..."
     - docker compose -f $DOCKER_COMPOSE_FILE pull
-    - echo "Step 4/7 Starting database services..."
+    - echo "Step 5/8 Starting database services..."
     - docker compose -f $DOCKER_COMPOSE_FILE -f $DOCKER_COMPOSE_PROD_FILE up -d mvp-postgres mvp-redis
     - echo "Waiting for database to be ready..."
     - sleep 15
-    - echo "Step 5/7 Running database migrations..."
+    - echo "Step 6/8 Running database migrations..."
     - docker compose -f $DOCKER_COMPOSE_FILE run --rm mvp-backend npm run migrate || echo "Migration skipped"
-    - echo "Step 6/7 Vehicle catalog data..."
+    - echo "Step 7/8 Vehicle catalog data..."
     # Schema and data now loaded via standard migration system
     # Migration runner handles table creation and data loading automatically
     - echo "Vehicle catalog loaded via platform feature migration"
     - echo "Flushing Redis cache..."
     - docker exec mvp-redis redis-cli FLUSHALL
-    - echo "Step 7/7 Starting all services..."
+    - echo "Step 8/8 Starting all services..."
     - docker compose -f $DOCKER_COMPOSE_FILE -f $DOCKER_COMPOSE_PROD_FILE up -d
     - echo "Waiting for services to initialize..."
     - sleep 30

backend/Dockerfile

@@ -51,6 +51,10 @@ RUN mkdir -p /app/migrations/features /app/migrations/core
 COPY --from=builder /app/src/features /app/migrations/features
 COPY --from=builder /app/src/core /app/migrations/core
 
+# Copy entrypoint script for permission checks
+COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
 # Change ownership to non-root user
 RUN chown -R nodejs:nodejs /app
 
@@ -64,8 +68,8 @@ EXPOSE 3001
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
   CMD node -e "require('http').get('http://localhost:3001/health', (res) => { process.exit(res.statusCode === 200 ? 0 : 1) }).on('error', () => process.exit(1))"
 
-# Use dumb-init for proper signal handling
-ENTRYPOINT ["dumb-init", "--"]
+# Use dumb-init with entrypoint for permission checks
+ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
 
 # Run production application with auto-migrate (idempotent)
 CMD ["sh", "-lc", "node dist/_system/migrations/run-all.js && npm start"]

backend/scripts/docker-entrypoint.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+# docker-entrypoint.sh
+# Ensures data directories have correct permissions on container startup
+
+set -e
+
+echo "Checking data directory permissions..."
+
+# Directories that need to be writable by nodejs user (UID 1001)
+DATA_DIRS="/app/data/backups /app/data/documents"
+
+for dir in $DATA_DIRS; do
+  if [ ! -d "$dir" ]; then
+    echo "Creating directory: $dir"
+    mkdir -p "$dir"
+  fi
+
+  # Check if we can write to the directory
+  if ! touch "$dir/.write-test" 2>/dev/null; then
+    echo "WARNING: Cannot write to $dir"
+    echo "This may cause backup/document operations to fail"
+    echo "Fix: Run 'sudo chown -R 1001:1001 ./data' on the host"
+  else
+    rm "$dir/.write-test"
+  fi
+done
+
+echo "Permission checks complete"
+echo "Starting application..."
+
+# Execute the CMD from Dockerfile
+exec "$@"

docs/PROMPTS.md

@@ -22,15 +22,16 @@ You are a senior software engineer specializsing in NodeJS, Typescript, front en
 - Make no assumptions. 
 - Ask clarifying questions. 
 - Ultrathink
-- You will be fixing a bug with the vehicle catalog import function. 
+- You will be fixing a bug the system backup and restore function. 
 
 *** CONTEXT ***
 - This is a modern web app for managing a vehicle fleet. It has both a desktop and mobile versions of the site that both need to maintain feature parity. It's currently deployed via docker compose but in the future will be deployed via k8s.
 - Read README.md CLAUDE.md and AI-INDEX.md and follow relevant instructions to understand this code repository in the context of this change. 
-- There is an error when you try and import this CSV file.  
-- Start with this file. data/vehicle-etl/gmc_2022_2026.csv
-- The interface says everything is successful. 
-- I flushed all REDIS cache
+- There are permission errors with the backup files.  
+- The backup directory is mapped from the filesystem of the host
+- The app is deployed as the gitlab-runner user and group which is a different UID then the nodejs user
+- Start with the files in this directory /Users/egullickson/Documents/Technology/coding/motovaultpro/backend/src/features/backup/api
+- The docker file is located at /Users/egullickson/Documents/Technology/coding/motovaultpro/backend/Dockerfile
 
 *** CHANGES TO IMPLEMENT ***
 - Research this code base and ask iterative questions to compile a complete plan.