Parametrize uid and gid for non 1000 runner's

Signed-off-by: Benoit Donneaux <benoit@leastauthority.com>
LeastAuthority · Feb 1, 2024 · 6381dd4 · 6381dd4
1 parent 64035af
commit 6381dd4
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 7 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -70,7 +70,7 @@ jobs:
 
       - name: prepare
         run: |
-          docker-compose build
+          docker-compose build --build-arg uid="$(id -u)" --build-arg gid="$(id -g)"
           docker-compose run client npm i
 
       - name: deploy

diff --git a/.github/workflows/integrate.yml b/.github/workflows/integrate.yml
@@ -72,7 +72,7 @@ jobs:
 
       - name: Set up containers
         run: |
-          docker compose -f docker-compose.yml -f docker-compose.e2e.yml --profile e2e build
+          docker compose -f docker-compose.yml -f docker-compose.e2e.yml --profile e2e build --build-arg uid="$(id -u)" --build-arg gid="$(id -g)"
           docker compose run --rm client npm i
           docker compose run --rm client ./scripts/setup.sh
           docker compose -f docker-compose.yml -f docker-compose.e2e.yml --profile e2e run --rm client-e2e npm i

diff --git a/client-e2e/Dockerfile b/client-e2e/Dockerfile
@@ -1,7 +1,24 @@
 FROM node:16-alpine
 
-# Switch to the existing node user instead of root
-USER node
+# Parameters for default user:group
+ARG uid=1000
+ARG user=appuser
+ARG gid=1000
+ARG group=appgroup
+
+# Remove exising node user to avoid possible conflict
+RUN deluser node && rm -rf /home/node && chown -R root:root /opt
+
+# Add user and group for build and runtime
+RUN addgroup -g "${gid}" "${group}" && adduser -D -h /home/${user} -s /bin/bash -G "${group}" -u "${uid}" "${user}"
+
+# Prepare directories
+RUN DIRS="/usr/src/app" && \
+    mkdir -p ${DIRS} && \
+    chown -R ${user}:${group} $DIRS
+
+# Switch to non-root user
+USER ${user}
 
 # Switch to the directory where the client code will live
 WORKDIR /usr/src/app/client-e2e

diff --git a/client/Dockerfile b/client/Dockerfile
@@ -3,13 +3,30 @@ FROM node:16-alpine
 # Install some require system packages
 RUN apk add git openssh openssl lftp curl rust bash
 
-# Switch to the existing node user instead of root
-USER node
+# Parameters for default user:group
+ARG uid=1000
+ARG user=appuser
+ARG gid=1000
+ARG group=appgroup
+
+# Remove exising node user to avoid possible conflict
+RUN deluser node && rm -rf /home/node && chown -R root:root /opt
+
+# Add user and group for build and runtime
+RUN addgroup -g "${gid}" "${group}" && adduser -D -h /home/${user} -s /bin/bash -G "${group}" -u "${uid}" "${user}"
+
+# Prepare directories
+RUN DIRS="/usr/src/app" && \
+    mkdir -p ${DIRS} && \
+    chown -R ${user}:${group} $DIRS
+
+# Switch to non-root user
+USER ${user}
 
 # Install latest rust on top of it
 # FIXME: make it reproducible!
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-ENV PATH="/home/node/.cargo/bin:${PATH}"
+ENV PATH="/home/${user}/.cargo/bin:${PATH}"
 
 # Install wasm-pack to build the WebAssembly packages
 # FIXME: make it reproducible!