447c7cf8b3
Extend "create new user to avoid using root" copypasta to support being run as root (ARG UID=0). When running build.sh directly on a cirrus CI runner, we are running as root.
30 lines
961 B
Docker
30 lines
961 B
Docker
FROM debian:bookworm@sha256:b877a1a3fdf02469440f1768cf69c9771338a875b7add5e80c45b756c92ac20a
|
|
|
|
ENV LC_ALL=C.UTF-8 LANG=C.UTF-8
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
RUN apt-get update -q && \
|
|
apt-get install -qy \
|
|
git \
|
|
gettext \
|
|
python3 \
|
|
python3-pip \
|
|
python3-setuptools \
|
|
python3-venv \
|
|
&& \
|
|
rm -rf /var/lib/apt/lists/* && \
|
|
apt-get autoremove -y && \
|
|
apt-get clean
|
|
|
|
# create new user to avoid using root; but with sudo access and no password for convenience.
|
|
ARG UID=1000
|
|
RUN if [ "$UID" != "0" ] ; then useradd --uid $UID --create-home --shell /bin/bash "user" ; fi
|
|
RUN usermod -append --groups sudo $(id -nu $UID || echo "user")
|
|
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
|
RUN HOME_DIR=$(getent passwd $UID | cut -d: -f6)
|
|
ENV WORK_DIR="${HOME_DIR}/wspace" \
|
|
PATH="${HOME_DIR}/.local/bin:${PATH}"
|
|
WORKDIR ${WORK_DIR}
|
|
RUN chown --recursive ${UID} ${WORK_DIR}
|
|
USER ${UID}
|