Workaround Docker remoteUser permissions

nuxy · nuxy · commit 4e1b159beeb3 · 2024-06-06T10:37:20.000-07:00
diff --git a/templates/Dockerfile b/templates/Dockerfile
@@ -6,4 +6,24 @@
 #
 FROM public.ecr.aws/lambda/nodejs:{{nodeVersion}}
 
-RUN dnf install -y gzip tar
+ARG BASE_DIR
+ARG USER
+ARG GROUP=${USER}
+ARG UID
+ARG GID=${UID}
+
+RUN dnf -y install gcc git gzip libyaml-devel make shadow-utils tar
+
+# Install app dependencies.
+RUN npm install -g pm2
+
+ENV PATH="${PATH}:/usr/sbin"
+
+# Create shared workspace.
+RUN groupadd -g ${UID} ${USER}
+RUN useradd -u ${UID} -g ${GID} -G root -s /usr/bin/bash -m ${USER}
+RUN chown ${USER}:${GROUP} ${BASE_DIR}
+
+USER ${USER}
+
+WORKDIR ${BASE_DIR}
diff --git a/templates/README.md b/templates/README.md
@@ -59,9 +59,19 @@ Generate documentation using [JSDoc](https://jsdoc.app):
 
 ## Known issues
 
-### Project files are assigned root priviledges
+### Project files are assigned incorrect priviledges
 
-This is due to a [bug](https://github.com/microsoft/vscode-remote-release/issues/2402) in the [Remote Container](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) extension, not this project.  During the container build process when the local machines's UID/GID matches an existing user UID/GID in the container it assigns `root` by default.  Note, in normal circumstances the [`remoteUser`](https://containers.dev/implementors/json_reference/#remoteUser) assigned would be `vscode` which always matches the local machine's user UID/GID values.
+If you experience this when working between local/remote development environments this is due to the user UID [not being present during build time](https://github.com/microsoft/vscode-remote-release/issues/6834#issuecomment-1158600543). In this case the default `1000` is defined as both the UID/GID for the remote user.  You can override this behavior by updating the following project `devcontainer.json` build arguments or by exporting the UID/GID in your `.bash_profile`.
+
+```json
+"build": {
+  "dockerfile": "Dockerfile",
+  "args": {
+    "UID": "${localEnv:UID:1234}", // Default to 1234
+    "GID": "${localEnv:GID:1234}"
+  }
+},
+```
 
 ## References
 
diff --git a/templates/devcontainer.json b/templates/devcontainer.json
@@ -1,16 +1,24 @@
 {
   "name": "{{appName}}",
-  "build": {"dockerfile": "Dockerfile"},
+  "build": {
+    "dockerfile": "Dockerfile",
+    "args": {
+      "BASE_DIR": "/var/task",
+      "USER": "${localEnv:USER}",
+      "UID": "${localEnv:UID:1000}"
+      //"GROUP": "${localEnv:USER}",
+      //"GID": "${localEnv:GID:1000}",
+    }
+  },
   "forwardPorts": [3000],
   // Mounting AWS config (Requires container rebuild)
   //"mounts": ["source=${localEnv:HOME}/.aws,target=/root/.aws,type=bind,consistency=cached"],
-  "workspaceMount": "source=${localWorkspaceFolder},target=/var/task,type=bind",
   "workspaceFolder": "/var/task",
+  "workspaceMount": "source=${localWorkspaceFolder},target=/var/task,type=bind",
   "containerEnv": {
     "LAMBDA_TASK_ROOT": "${containerWorkspaceFolder}/{{appName}}/src"
   },
   "updateContentCommand": "npm install --prefix ${containerWorkspaceFolder}/{{appName}} >/dev/null",
-  "postCreateCommand": "npm install -g pm2",
   "postStartCommand": "pm2 start ${containerWorkspaceFolder}/.devcontainer/ecosystem.config.js",
   "customizations": {
     "vscode": {
