feat: only create user for development stage

aica-technology · Feb 26, 2024 · c19e239 · c19e239
1 parent d2b548f
commit c19e239
Showing 1 changed file with 30 additions and 27 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,6 @@
 ARG BASE_TAG=22.04
 FROM ubuntu:${BASE_TAG} as base
 ENV DEBIAN_FRONTEND=noninteractive
-ENV USER developer
-ENV HOME /home/${USER}
 
 RUN apt-get update && apt-get install -y \
     cmake \
@@ -18,28 +16,6 @@ RUN apt-get update && apt-get install -y \
 
 RUN echo "Set disable_coredump false" >> /etc/sudo.conf
 
-# create and configure a new user
-ARG UID=1000
-ARG GID=1000
-RUN addgroup --gid ${GID} ${USER}
-RUN adduser --gecos "Remote User" --uid ${UID} --gid ${GID} ${USER} && yes | passwd ${USER}
-RUN usermod -a -G dialout ${USER}
-RUN echo "${USER} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/99_aptget
-RUN chmod 0440 /etc/sudoers.d/99_aptget && chown root:root /etc/sudoers.d/99_aptget
-
-# Configure sshd server settings
-RUN ( \
-    echo 'LogLevel DEBUG2'; \
-    echo 'PubkeyAuthentication yes'; \
-    echo 'Subsystem sftp /usr/lib/openssh/sftp-server'; \
-  ) > /etc/ssh/sshd_config_development \
-  && mkdir /run/sshd
-
-# Configure sshd entrypoint to authorise the new user for ssh access and
-# optionally update UID and GID when invoking the container with the entrypoint script
-COPY ./docker/sshd_entrypoint.sh /sshd_entrypoint.sh
-RUN chmod 744 /sshd_entrypoint.sh
-
 # create the credentials to be able to pull private repos using ssh
 RUN mkdir /root/.ssh/ && ssh-keyscan github.com | tee -a /root/.ssh/known_hosts
 RUN echo "session required pam_limits.so" | tee --append /etc/pam.d/common-session > /dev/null
@@ -143,13 +119,40 @@ FROM base as code
 WORKDIR /src
 COPY --from=apt-dependencies /tmp/apt /
 COPY --from=dependencies /tmp/deps /usr
-COPY --chown=${USER}:${USER} . /src
+COPY . /src
 
 FROM code as development
-USER ${USER}
-RUN sudo mkdir /guidelines && sudo chown ${USER}:${USER} /guidelines && cd /guidelines \
+# create and configure a new user
+ARG UID=1000
+ARG GID=1000
+ENV USER developer
+ENV HOME /home/${USER}
+
+RUN addgroup --gid ${GID} ${USER}
+RUN adduser --gecos "Remote User" --uid ${UID} --gid ${GID} ${USER} && yes | passwd ${USER}
+RUN usermod -a -G dialout ${USER}
+RUN echo "${USER} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/99_aptget
+RUN chmod 0440 /etc/sudoers.d/99_aptget && chown root:root /etc/sudoers.d/99_aptget
+
+# Configure sshd server settings
+RUN ( \
+    echo 'LogLevel DEBUG2'; \
+    echo 'PubkeyAuthentication yes'; \
+    echo 'Subsystem sftp /usr/lib/openssh/sftp-server'; \
+  ) > /etc/ssh/sshd_config_development \
+  && mkdir /run/sshd
+
+# Configure sshd entrypoint to authorise the new user for ssh access and
+# optionally update UID and GID when invoking the container with the entrypoint script
+COPY ./docker/sshd_entrypoint.sh /sshd_entrypoint.sh
+RUN chmod 744 /sshd_entrypoint.sh
+
+RUN chown -R ${USER}:${USER} /src
+RUN mkdir /guidelines && cd /guidelines \
   && wget https://raw.githubusercontent.com/aica-technology/.github/v0.9.0/guidelines/.clang-format
 
+USER ${USER}
+
 FROM code as build
 ARG TARGETPLATFORM
 ARG CACHEID