Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add non root user #218

Closed
wants to merge 11 commits into from
14 changes: 13 additions & 1 deletion .devcontainer/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
FROM ubuntu:22.04@sha256:e9569c25505f33ff72e88b2990887c9dcf230f23259da296eb814fc2b41af999

ARG USERNAME=amp
ARG USER_UID=1000
ARG USER_GID=$USER_UID

ARG BATS_VERSION=1.10.0
ARG CCACHE_VERSION=4.9
ARG CLANG_VERSION=16
Expand All @@ -14,6 +18,10 @@ HEALTHCHECK NONE

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Add a non-root user
RUN groupadd --gid "${USER_GID}" "${USERNAME}" \
&& useradd --uid "${USER_UID}" --gid "${USER_GID}" --shell /bin/bash -m "${USERNAME}"

# Install the base system with all tool dependencies
COPY .devcontainer/apt-requirements-base.json /tmp/apt-requirements-base.json
# hadolint ignore=DL3008
Expand Down Expand Up @@ -87,7 +95,9 @@ RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \
&& git -C /usr/local clone -b v2.1.0 https://github.com/bats-core/bats-assert.git

# Install xwin
RUN wget -qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin"
RUN wget -qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin" \
&& mkdir /winsdk \
&& chown "${USER_UID}:${USER_GID}" /winsdk
Fixed Show fixed Hide fixed

# Update all tool alternatives to the correct version
RUN update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-12 20 \
Expand All @@ -97,3 +107,5 @@ RUN update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-12 20 \
&& update-alternatives --install /usr/bin/mull-runner mull-runner /usr/local/bin/mull-runner-${CLANG_VERSION} 10 \
&& update-alternatives --install /usr/lib/mull-ir-frontend mull-ir-frontend /usr/local/lib/mull-ir-frontend-${CLANG_VERSION} 10 \
&& update-alternatives --install /usr/bin/python python /usr/bin/python3 10

USER "${USERNAME}"
3 changes: 0 additions & 3 deletions .trivyignore

This file was deleted.

4 changes: 2 additions & 2 deletions test/testsuite.bats
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,11 @@ setup_file() {
xwin --accept-license splat --preserve-ms-arch-notation
fi

cp -r .xwin-cache/splat/ /winsdk
cp -r .xwin-cache/splat/* /winsdk/
}

teardown_file() {
rm -rf .xwin-hash/ /winsdk
rm -rf .xwin-hash/ /winsdk/*
}

setup() {
Expand Down
Loading