Add build arguments for conditional non-root user creation

usr3-1415 · usr3-1415 · commit eae3c0b81ba1 · 2025-03-16T14:10:09.000+02:00
Updated Dockerfile and Dockerfile.local.wsl to introduce build arguments for user creation, enabling the conditional creation of a non-root user. The default user is set to `root` with a user ID of `0`, which can be overridden during the build process. User context is switched to the specified user after installations. The `run-local-build-using-docker-image.sh` script has also been modified to support these changes.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,11 @@
-#FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+# Use build arguments to control user creation
+ARG NON_ROOT_USER=false
+ARG USERNAME=root
+ARG USERID=0
+
 FROM ubuntu:20.04
 
-#install .net
+# Install .NET
 RUN apt-get update && apt-get install -y wget apt-transport-https && \
     wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb && \
     dpkg -i packages-microsoft-prod.deb && \
@@ -16,14 +20,23 @@ RUN set -xe \
     && apt-get purge --auto-remove \
     && apt-get clean 
 
+# Conditionally create non-root user and set permissions
+RUN if [ "$NON_ROOT_USER" = "true" ]; then \
+    adduser --disabled-password --gecos '' --uid $USERID $USERNAME && \
+    mkdir -p /workdir /app && \
+    chown -R $USERNAME:$USERNAME /workdir /app; \
+fi
 
+# Switch to the appropriate user
+USER $USERNAME
 
 # Install SDKMAN
 RUN curl -s "https://get.sdkman.io" | bash && \
     echo "source $HOME/.sdkman/bin/sdkman-init.sh" >> $HOME/.bashrc && \
     bash -c "source $HOME/.sdkman/bin/sdkman-init.sh && sdk install java 17.0.9-oracle && sdk install scala 3.3.0 && sdk install sbt 1.9.0"
 
-# Install GNAT and SPARK from AdaCore
+# Install GNAT and SPARK (temporarily switch back to root)
+USER root
 WORKDIR /gnat_tmp/
 RUN wget -O gnat-2021-x86_64-linux-bin https://community.download.adacore.com/v1/f3a99d283f7b3d07293b2e1d07de00e31e332325?filename=gnat-2021-20210519-x86_64-linux-bin \
     && git clone https://github.com/AdaCore/gnat_community_install_script.git \
@@ -32,5 +45,7 @@ RUN wget -O gnat-2021-x86_64-linux-bin https://community.download.adacore.com/v1
     && gnat_community_install_script/install_package.sh ./gnat-2021-x86_64-linux-bin /opt/GNAT/gnat-x86-2021 \
     && rm -rf /gnat_tmp/
 
+# Set back to the appropriate user
+USER $USERNAME
 WORKDIR /app/
 ENV PATH="/opt/GNAT/gnat-x86-2021/bin:${PATH}"
diff --git a/Dockerfile.local.wsl b/Dockerfile.local.wsl
@@ -1,7 +1,11 @@
-#FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+# Use build arguments to control user creation
+ARG NON_ROOT_USER=false
+ARG USERNAME=root
+ARG USERID=0
+
 FROM ubuntu:20.04
 
-#install .net
+# Install .NET
 RUN apt-get update && apt-get install -y wget apt-transport-https && \
     wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb && \
     dpkg -i packages-microsoft-prod.deb && \
@@ -16,21 +20,22 @@ RUN set -xe \
     && apt-get purge --auto-remove \
     && apt-get clean 
 
-# Create a non-root user
-RUN adduser --disabled-password --gecos '' --uid 1000 myuser
-
-# Adjust permissions for volumes
-RUN mkdir -p /workdir /app && chown -R myuser:myuser /workdir /app
+# Conditionally create non-root user and set permissions
+RUN if [ "$NON_ROOT_USER" = "true" ]; then \
+    adduser --disabled-password --gecos '' --uid $USERID $USERNAME && \
+    mkdir -p /workdir /app && \
+    chown -R $USERNAME:$USERNAME /workdir /app; \
+fi
 
-# Switch to the non-root user
-USER myuser
+# Switch to the appropriate user
+USER $USERNAME
 
 # Install SDKMAN
 RUN curl -s "https://get.sdkman.io" | bash && \
     echo "source $HOME/.sdkman/bin/sdkman-init.sh" >> $HOME/.bashrc && \
     bash -c "source $HOME/.sdkman/bin/sdkman-init.sh && sdk install java 17.0.9-oracle && sdk install scala 3.3.0 && sdk install sbt 1.9.0"
 
-# Install GNAT and SPARK from AdaCore (still as root since no SDKMAN required here)
+# Install GNAT and SPARK (temporarily switch back to root)
 USER root
 WORKDIR /gnat_tmp/
 RUN wget -O gnat-2021-x86_64-linux-bin https://community.download.adacore.com/v1/f3a99d283f7b3d07293b2e1d07de00e31e332325?filename=gnat-2021-20210519-x86_64-linux-bin \
@@ -40,7 +45,7 @@ RUN wget -O gnat-2021-x86_64-linux-bin https://community.download.adacore.com/v1
     && gnat_community_install_script/install_package.sh ./gnat-2021-x86_64-linux-bin /opt/GNAT/gnat-x86-2021 \
     && rm -rf /gnat_tmp/
 
-# Set back to the non-root user for remaining tasks
-USER myuser
+# Set back to the appropriate user
+USER $USERNAME
 WORKDIR /app/
-ENV PATH="/opt/GNAT/gnat-x86-2021/bin:${PATH}"
+ENV PATH="/opt/GNAT/gnat-x86-2021/bin:${PATH}"
diff --git a/run-local-build-using-docker-image.sh b/run-local-build-using-docker-image.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-#docker build -f Dockerfile.local.wsl -t asn1scc .
+#docker build -f Dockerfile.local.wsl --build-arg NON_ROOT_USER=true --build-arg USERNAME=myuser --build-arg USERID=1000 -t myimage .
 docker run -ti --rm -v .:/app -v asn1scc_workdir:/workdir asn1scc bash -c "./local-build.sh $(git rev-parse --abbrev-ref HEAD)"
