11# Build:
2- # docker build --rm -f ./docker/Dockerfile --build-arg="ROS_DISTRO=rolling" --build-arg="COLCON_WS=/root /colcon_ws" -t <user_name>/ros2ai:rolling .
2+ # docker build --rm -f ./docker/Dockerfile --build-arg="ROS_DISTRO=rolling" --build-arg="COLCON_WS=/home/ros2ai /colcon_ws" -t <user_name>/ros2ai:rolling .
33#
44# Usage:
55# docker pull <user_name>/ros2ai:rolling
6+ #
7+ # Note: The container runs as non-root user 'ros2ai' (UID=1000, GID=1000) by default for security.
8+ # You can override the user at runtime with: docker run --user $(id -u):$(id -g) ...
69
710# An ARG declared before a FROM is outside of a build stage,
8- # so it can’ t be used in any instruction after a FROM.
11+ # so it can' t be used in any instruction after a FROM.
912# To use the default value of an ARG declared before the first FROM
1013# use an ARG instruction without a value inside of a build stage:
1114ARG ROS_DISTRO=rolling
12- ARG COLCON_WS=/root/colcon_ws
15+ ARG COLCON_WS=/home/ros2ai/colcon_ws
16+ ARG USERNAME=ros2ai
17+ ARG USER_UID=1234
18+ ARG USER_GID=1234
1319
1420FROM ros:${ROS_DISTRO}
1521
@@ -19,11 +25,24 @@ LABEL description="ros2ai ${ROS_DISTRO} docker image"
1925
2026ARG ROS_DISTRO
2127ARG COLCON_WS
28+ ARG USERNAME
29+ ARG USER_UID
30+ ARG USER_GID
2231
2332SHELL ["/bin/bash" ,"-c" ]
2433
34+ # Create non-root user with sudo privileges
35+ RUN groupadd --gid ${USER_GID} ${USERNAME} \
36+ && useradd --uid ${USER_UID} --gid ${USER_GID} -m ${USERNAME} \
37+ && apt-get update \
38+ && apt-get install -y sudo \
39+ && echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USERNAME} \
40+ && chmod 0440 /etc/sudoers.d/${USERNAME} \
41+ && rm -rf /var/lib/apt/lists/*
42+
2543RUN mkdir -p ${COLCON_WS}/src
2644COPY . ${COLCON_WS}/src/ros2ai/
45+ RUN chown -R ${USER_UID}:${USER_GID} ${COLCON_WS}
2746
2847# All apt-get commands start with an update, then install
2948# and finally, a cache cleanup to keep the image size small.
@@ -47,12 +66,17 @@ RUN if [ "$ROS_DISTRO" = "humble" ]; then \
4766# Build and source colcon workspace
4867RUN cd $COLCON_WS \
4968 && source /opt/ros/$ROS_DISTRO/setup.bash \
50- && colcon build --symlink-install --packages-select ros2ai
69+ && colcon build --symlink-install --packages-select ros2ai \
70+ && chown -R ${USER_UID}:${USER_GID} $COLCON_WS
5171
5272# Add source environment in .bashrc
53- RUN echo -n -e "\n " >> /root/.bashrc
54- RUN echo "### ros2ai workspace setting" >> /root/.bashrc
55- RUN echo "cd $COLCON_WS && source ./install/setup.bash" >> /root/.bashrc
73+ RUN echo -n -e "\n " >> /home/${USERNAME}/.bashrc
74+ RUN echo "### ros2ai workspace setting" >> /home/${USERNAME}/.bashrc
75+ RUN echo "cd $COLCON_WS && source ./install/setup.bash" >> /home/${USERNAME}/.bashrc
76+
77+ # Switch to non-root user
78+ USER ${USERNAME}
79+ WORKDIR /home/${USERNAME}
5680
5781# Overwrite as environmental variable so that entrypoint can rely on those
5882# OPENAI_API_KEY should not be included here, that is required for the runtime
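Review bot: The sudoers entry written in the new user-creation RUN (`${USERNAME} ALL=(ALL) NOPASSWD:ALL`) lets any process running as that user become root without a password, so the later `USER ${USERNAME}` provides little of the isolation the header comment claims. If the image does not need root at runtime, drop the `sudo` install and the sudoers file and keep only `groupadd --gid ${USER_GID} ${USERNAME} && useradd --uid ${USER_UID} --gid ${USER_GID} -m ${USERNAME}`. If sudo is wanted for development, consider gating it behind a build argument that defaults to off. Separately, the header comment states UID=1000/GID=1000 while `USER_UID` and `USER_GID` default to 1234, so one of the two should be corrected, e.g. `ARG USER_UID=1000` and `ARG USER_GID=1000`. Parts of the file between the hunks are not shown, so whether later steps rely on sudo cannot be confirmed from here.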