
Commit 7124710

Use numeric UID/GID and tighten sudoers cleanup
- Default host UID/GID to 1000; switch every stage to `USER uid:gid`; set `HOME` via ENV; anchor the sudoers line removal so it only matches the dev user's own entry.
1 parent b8aa537 commit 7124710

1 file changed

Lines changed: 16 additions & 7 deletions


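--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 FROM archlinux:base-devel AS python-base
 ARG TZ=Asia/Vladivostok
-ARG DOCKER_HOST_UID=10000
-ARG DOCKER_HOST_GID=10000
+ARG DOCKER_HOST_UID=1000
+ARG DOCKER_HOST_GID=1000
 ARG DOCKER_USER=devuser
 ARG DOCKER_USER_HOME=/home/devuser
 ARG MIRROR_LIST_COUNTRY=RU
@@ -61,26 +61,31 @@ RUN curl -sSL https://install.python-poetry.org | POETRY_VERSION=$POETRY_VERSION
 ENV PATH=$POETRY_HOME/bin:$PATH
 ENV PYTHONPATH=/application/src
 ENV PROJECT_ROOT=/application
+ENV HOME=$DOCKER_USER_HOME
 
 FROM python-base AS poetry
+ARG DOCKER_HOST_UID=1000
+ARG DOCKER_HOST_GID=1000
 ARG DOCKER_USER=devuser
 RUN mkdir -p $POETRY_CACHE_DIR && \
 chown -R $DOCKER_USER $POETRY_CACHE_DIR
 RUN mkdir -p $PIP_CACHE_DIR && \
 chown -R $DOCKER_USER $PIP_CACHE_DIR
-USER $DOCKER_USER
+USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
 WORKDIR /application
 
 FROM python-base AS app-build
+ARG DOCKER_HOST_UID=1000
+ARG DOCKER_HOST_GID=1000
 ARG DOCKER_USER=devuser
 COPY src/ build/src
 COPY README.md /build/
 COPY pyproject.toml poetry.lock /build/
 ARG POETRY_OPTIONS_APP="--only main --compile"
 RUN poetry install $POETRY_OPTIONS_APP -n -v -C /build && \
 rm -rf $POETRY_CACHE_DIR/* && rm -rf $PIP_CACHE_DIR/*
-RUN sed -i "/\b\($DOCKER_USER\)\b/d" /etc/sudoers
-USER $DOCKER_USER
+RUN sed -i "/^${DOCKER_USER}[[:space:]]/d" /etc/sudoers
+USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
 WORKDIR /application
 
 FROM python-base AS build-deps-dev
@@ -104,15 +109,19 @@ RUN mkdir -p $DOCKER_USER_HOME/.config && \
 chown -R $DOCKER_USER $DOCKER_USER_HOME/.config
 
 FROM build-deps-dev AS dev-build
+ARG DOCKER_HOST_UID=1000
+ARG DOCKER_HOST_GID=1000
 ARG DOCKER_USER=devuser
-USER $DOCKER_USER
+USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
 WORKDIR /application
 RUN git config --global --add safe.directory /application
 
 FROM build-deps-dev AS vim-ide
+ARG DOCKER_HOST_UID=1000
+ARG DOCKER_HOST_GID=1000
 ARG DOCKER_USER=devuser
 ARG DOCKER_USER_HOME=/home/devuser
-USER $DOCKER_USER
+USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
 RUN curl -fLo $DOCKER_USER_HOME/.vim/autoload/plug.vim --create-dirs \
 https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
 RUN curl -fLo $DOCKER_USER_HOME/.vim/spell/en.utf-8.spl \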
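Review bot: The new `RUN sed -i "/^${DOCKER_USER}[[:space:]]/d" /etc/sudoers` in the app-build stage only strips lines that begin with the literal username in `/etc/sudoers`, so a grant written as a `/etc/sudoers.d/` drop-in, a `%wheel`/group rule, or a `#<uid>` rule would survive into the production stage, and nothing verifies the resulting file still parses. The place where devuser is created and granted sudo is outside this hunk, so I cannot confirm which form the grant takes, but the cleanup should not depend on it; I would chain `&& rm -f /etc/sudoers.d/${DOCKER_USER} && visudo -cf /etc/sudoers` onto the same RUN so a malformed edit fails the build instead of leaving sudo in an undefined state, and add a comment such as `# app image must not carry the dev user's sudo grant; sudo itself still ships with base-devel`. Separately, the switch to `USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}` is only equivalent to the old `USER $DOCKER_USER` if the useradd in python-base uses the same ARG values; the `chown -R $DOCKER_USER …` lines in this hunk are name-based, so a `--build-arg DOCKER_HOST_UID=…` that diverges from the created account would leave the caches owned by a different uid than the one the stage runs as — worth a one-line comment next to the redeclared ARGs stating that they must match the account created in python-base.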
