
Commit 54af0b0

committed
Use deterministic UID/GID in Dockerfile #1555
Signed-off-by: tdruez <[email protected]>
1 parent 6750575 commit 54af0b0


1 file changed

+22
-21
lines changed


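--- a/Dockerfile
+++ b/Dockerfile
@@ -26,19 +26,23 @@ LABEL org.opencontainers.image.source="https://github.com/aboutcode-org/scancode
 LABEL org.opencontainers.image.description="ScanCode.io"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 
-ENV APP_NAME scancodeio
-ENV APP_USER app
-ENV APP_UID=1000
-ENV APP_GID=1000
-ENV APP_DIR /opt/$APP_NAME
-ENV VENV_LOCATION /opt/$APP_NAME/.venv
+# Set default values for APP_UID and APP_GID at build-time
+ARG APP_UID=1000
+ARG APP_GID=1000
+
+ENV APP_NAME=scancodeio
+ENV APP_USER=app
+ENV APP_UID=${APP_UID}
+ENV APP_GID=${APP_GID}
+ENV APP_DIR=/opt/$APP_NAME
+ENV VENV_LOCATION=/opt/$APP_NAME/.venv
 
 # Force Python unbuffered stdout and stderr (they are flushed to terminal immediately)
-ENV PYTHONUNBUFFERED 1
+ENV PYTHONUNBUFFERED=1
 # Do not write Python .pyc files
-ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONDONTWRITEBYTECODE=1
 # Add the app dir in the Python path for entry points availability
-ENV PYTHONPATH $PYTHONPATH:$APP_DIR
+ENV PYTHONPATH=$PYTHONPATH:$APP_DIR
 
 # OS requirements as per
 # https://scancode-toolkit.readthedocs.io/en/latest/getting-started/install.html
@@ -66,27 +70,24 @@ RUN apt-get update \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-# Create the APP_USER group and user with specific UID and GID
-RUN groupadd --gid $APP_GID $APP_USER \
-&& useradd --uid $APP_UID --gid $APP_GID --home-dir $APP_DIR --create-home $APP_USER \
-&& chown $APP_USER:$APP_USER $APP_DIR
-
-# Create the /var/APP_NAME directory with proper permission for APP_USER
-RUN mkdir -p /var/$APP_NAME \
+# Create the APP_USER group, user, and directory with specific UID and GID
+RUN groupadd --gid $APP_GID --system $APP_USER \
+&& useradd --uid $APP_UID --gid $APP_GID --home-dir $APP_DIR --system --create-home $APP_USER \
+&& chown $APP_USER:$APP_USER $APP_DIR \
+&& mkdir -p /var/$APP_NAME \
 && chown $APP_USER:$APP_USER /var/$APP_NAME
 
 # Setup the work directory and the user as APP_USER for the remaining stages
 WORKDIR $APP_DIR
 USER $APP_USER
 
+# Create static/ and workspace/ directories
+RUN mkdir -p /var/$APP_NAME/static/ /var/$APP_NAME/workspace/
+
 # Create the virtualenv
 RUN python -m venv $VENV_LOCATION
 # Enable the virtualenv, similar effect as "source activate"
-ENV PATH $VENV_LOCATION/bin:$PATH
-
-# Create static/ and workspace/ directories
-RUN mkdir -p /var/$APP_NAME/static/ \
-&& mkdir -p /var/$APP_NAME/workspace/
+ENV PATH=$VENV_LOCATION/bin:$PATH
 
 # Install the dependencies before the codebase COPY for proper Docker layer caching
 COPY --chown=$APP_USER:$APP_USER pyproject.toml $APP_DIR/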
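Review bot: `USER $APP_USER` (an unchanged context line in the second hunk) still selects the account by name, so the UID/GID this commit makes configurable through `ARG APP_UID` / `ARG APP_GID` is not what the image metadata records. Runtimes that enforce non-root by inspecting the image's user, such as Kubernetes `runAsNonRoot`, cannot verify a non-numeric user; `USER ${APP_UID}:${APP_GID}` would expose the pinned IDs to them. Separately, the two values are now supplied by whoever runs the build and are expanded unquoted in the `groupadd`/`useradd` line. Quoting them (`--gid "$APP_GID"`, `--uid "$APP_UID"`) makes an empty or malformed build argument fail cleanly instead of being word-split into extra options. Both hunks begin and end mid-file, so the `FROM` line and everything after the `COPY` are not visible here.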
