

chore: Add non-root user and install pre-commit in the image. (#267)
huxuan authored Jan 13, 2024
1 parent 5626341 commit 7bc53a8
Showing 4 changed files with 64 additions and 20 deletions.
24 changes: 23 additions & 1 deletion .devcontainer/prebuild/.devcontainer/Dockerfile
Expand Up @@ -7,17 +7,39 @@ ARG PYTHON_VERSION=3.12
FROM python:${PYTHON_VERSION} as dev

RUN apt-get update && apt-get install -y --no-install-recommends \
# To install Python applications.
# pipx: To install Python applications.
pipx \
# sudo: To add sudo support to non-root user.
sudo \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*

# Config pipx
ENV PIPX_HOME=/usr/local/pipx
ENV PIPX_BIN_DIR=/usr/local/bin
ENV PIPX_DEFAULT_PYTHON=/usr/local/bin/python

# Install pdm
RUN pipx install pdm

# Install pre-commit
RUN pipx install pre-commit

# Create a non-root user with sudo permission
ARG USERNAME=ss-python
ARG USER_UID=1000
ARG USER_GID=$USER_UID

RUN groupadd --gid $USER_GID $USERNAME \
&& useradd --create-home --uid $USER_UID --gid $USER_GID $USERNAME \
&& echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
&& chmod 0440 /etc/sudoers.d/$USERNAME

# Set permission for related folders
RUN chown -R $USER_UID:$USER_GID $PIPX_HOME $PIPX_BIN_DIR

# Set the default user
User ss-python

########################################################################################
# Build image is an intermediate image used for building the project.
########################################################################################
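Review bot: `chown -R $USER_UID:$USER_GID $PIPX_HOME $PIPX_BIN_DIR` hands all of `/usr/local/bin` to the new account, because `PIPX_BIN_DIR=/usr/local/bin`, and that directory also holds the interpreter named in `PIPX_DEFAULT_PYTHON`. Together with the `NOPASSWD:ALL` sudoers entry the user is root-equivalent, which is reasonable for a dev container only while the `dev` stage is never used as a runtime image; the comment above the `RUN` should say so. Running the `pipx install` steps after the user switch with a per-user `PIPX_BIN_DIR`, or limiting the chown to `$PIPX_HOME` and the entries pipx itself created, would leave the base image's files owned by root and avoid duplicating them into a new layer. The last instruction hard-codes the name: `User ss-python` ignores a `--build-arg USERNAME=...` override and would then refer to a user that was never created, so `USER $USERNAME` is the safer form. The same lines appear in `template/.devcontainer/prebuild/.devcontainer/Dockerfile.jinja`.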
18 changes: 9 additions & 9 deletions .devcontainer/prebuild/.devcontainer/devcontainer.json
@@ -1,11 +1,11 @@
{
"build": {
"args": {
"PYTHON_VERSION": "${localEnv:PYTHON_VERSION}"
},
"cacheFrom": "ghcr.io/serious-scaffold/ss-python:dev-py${localEnv:PYTHON_VERSION}",
"context": "../../..",
"dockerfile": "Dockerfile",
"target": "dev"
}
"build": {
"args": {
"PYTHON_VERSION": "${localEnv:PYTHON_VERSION}"
},
"cacheFrom": "ghcr.io/serious-scaffold/ss-python:dev-py${localEnv:PYTHON_VERSION}",
"context": "../../..",
"dockerfile": "Dockerfile",
"target": "dev"
}
}
24 changes: 23 additions & 1 deletion template/.devcontainer/prebuild/.devcontainer/Dockerfile.jinja
Expand Up @@ -7,17 +7,39 @@ ARG PYTHON_VERSION={{ default_py }}
FROM python:${PYTHON_VERSION} as dev

RUN apt-get update && apt-get install -y --no-install-recommends \
# To install Python applications.
# pipx: To install Python applications.
pipx \
# sudo: To add sudo support to non-root user.
sudo \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*

# Config pipx
ENV PIPX_HOME=/usr/local/pipx
ENV PIPX_BIN_DIR=/usr/local/bin
ENV PIPX_DEFAULT_PYTHON=/usr/local/bin/python

# Install pdm
RUN pipx install pdm

# Install pre-commit
RUN pipx install pre-commit

# Create a non-root user with sudo permission
ARG USERNAME={{ repo_name }}
ARG USER_UID=1000
ARG USER_GID=$USER_UID

RUN groupadd --gid $USER_GID $USERNAME \
&& useradd --create-home --uid $USER_UID --gid $USER_GID $USERNAME \
&& echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
&& chmod 0440 /etc/sudoers.d/$USERNAME

# Set permission for related folders
RUN chown -R $USER_UID:$USER_GID $PIPX_HOME $PIPX_BIN_DIR

# Set the default user
User {{ repo_name }}

########################################################################################
# Build image is an intermediate image used for building the project.
########################################################################################
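Review bot: The sudoers drop-in takes its file name from `{{ repo_name }}` (`> /etc/sudoers.d/$USERNAME`), and sudo skips files in an included directory whose names contain a `.` or end in `~`, so a project named, say, `my.app` (constructed example) would get a user whose sudo rule is silently ignored. The unquoted `$USERNAME` in `groupadd`, `useradd` and the `echo` also means a name with spaces or shell metacharacters would split or alter the command at build time. If the template does not already restrict `repo_name`, write to a fixed file name such as `> /etc/sudoers.d/devcontainer-user` and quote the expansions, e.g. `useradd --create-home --uid "$USER_UID" --gid "$USER_GID" "$USERNAME"`. Separately, `RUN pipx install pre-commit` is unpinned here and in the non-template Dockerfile, so each prebuild may pull a different release; `pipx install pre-commit==<version>` would make the image reproducible.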
18 changes: 9 additions & 9 deletions template/.devcontainer/prebuild/.devcontainer/devcontainer.json
@@ -1,11 +1,11 @@
{
"build": {
"args": {
"PYTHON_VERSION": "${localEnv:PYTHON_VERSION}"
},
"cacheFrom": "ghcr.io/serious-scaffold/ss-python:dev-py${localEnv:PYTHON_VERSION}",
"context": "../../..",
"dockerfile": "Dockerfile",
"target": "dev"
}
"build": {
"args": {
"PYTHON_VERSION": "${localEnv:PYTHON_VERSION}"
},
"cacheFrom": "ghcr.io/serious-scaffold/ss-python:dev-py${localEnv:PYTHON_VERSION}",
"context": "../../..",
"dockerfile": "Dockerfile",
"target": "dev"
}
}
