mapping user into docker

.github/workflows/docker.yml

@@ -35,7 +35,7 @@ jobs:
  password: ${{ secrets.GITHUB_TOKEN }}
  - name: docker build
  run: |
- docker build ./src/ -t ghcr.io/wesleych3n/autograde:latest
+ docker build -f ./src/dockerfile/Dockerfile -t  ghcr.io/wesleych3n/autograde:latest ./src/
  - name: docker push
  run: |
  docker push ghcr.io/wesleych3n/autograde:latest

src/dockerfile/Dockerfile

@@ -0,0 +1,26 @@
+FROM debian:stable-slim
+
+RUN apt-get update && \
+ apt install jq curl gosu -y
+
+RUN curl -fLo /usr/bin/yq https://github.com/mikefarah/yq/releases/download/3.4.0/yq_linux_amd64 && chmod +x /usr/bin/yq
+ADD ./ga /usr/bin/ga
+RUN chmod +x /usr/bin/ga
+
+
+ENV USER=wesley USER_ID=1000 USER_GID=1000
+
+# now creating user
+RUN groupadd --gid "${USER_GID}" "${USER}" && \
+ useradd \
+ --uid ${USER_ID} \
+ --gid ${USER_GID} \
+ --shell /bin/bash \
+ --create-home \
+ ${USER}
+
+COPY ./dockerfile/entrypoint.sh /
+RUN chmod u+x /entrypoint.sh
+
+WORKDIR /workdir/
+ENTRYPOINT ["/entrypoint.sh"]

src/dockerfile/entrypoint.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+if [ -z "${USER}" ]; then
+ echo "We need USER to be set!"; exit 100
+fi
+
+# if both not set we do not need to do anything
+if [ -z "${HOST_USER_ID}" -a -z "${HOST_USER_GID}" ]; then
+ echo "this image suppose to run with UID/GID mapped" ; exit 0
+fi
+
+# reset user_?id to either new id or if empty old (still one of above
+# might not be set)
+USER_ID=${HOST_USER_ID:=$USER_ID}
+USER_GID=${HOST_USER_GID:=$USER_GID}
+
+LINE=$(grep -F "${USER}" /etc/passwd)
+# replace all ':' with a space and create array
+array=( ${LINE//:/ } )
+
+# home is 5th element
+USER_HOME=${array[4]}
+
+sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:[0-9]*/${USER}:\1:${USER_ID}:${USER_GID}/" /etc/passwd
+sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
+
+chown -R ${USER_ID}:${USER_GID} ${USER_HOME}
+chown -R ${USER_ID}:${USER_GID} /workdir
+
+exec gosu ${USER_ID}:${USER_GID} "$@"