🚧 use nextstrain user, remove unnecessary envs

Author: victorlin

Dockerfile

@@ -1,32 +1,26 @@
 FROM nextstrain/base:latest
 
+# Run the final setup as our target user for permissions reasons.
+USER nextstrain:nextstrain
+
 # Install Miniforge (includes conda)
-# FIXME: check permissions
 RUN curl -L "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-$(uname -m).sh" -o miniforge.sh && \
     bash miniforge.sh -b -p /nextstrain/miniforge && \
-    rm miniforge.sh && \
-    chmod -R 777 /nextstrain/miniforge
+    rm miniforge.sh
 
 # Make conda available in PATH
 ENV PATH="/nextstrain/miniforge/bin:$PATH"
 
 # Initialize conda for interactive shell use
 RUN conda init bash
 
-# FIXME: is `umask 000` ok to use here?
-
 # Create conda environments
-COPY envs/csvtk.yaml /tmp/
-RUN umask 000 && conda env create --name csvtk --file /tmp/csvtk.yaml && rm /tmp/csvtk.yaml
-
-COPY envs/nextstrain.yaml /tmp/
-RUN umask 000 && conda env create --name nextstrain --file /tmp/nextstrain.yaml && rm /tmp/nextstrain.yaml
-
 COPY envs/snippy.yaml /tmp/
-RUN umask 000 && conda env create --name snippy --file /tmp/snippy.yaml && rm /tmp/snippy.yaml
+RUN conda env create --name snippy --file /tmp/snippy.yaml && rm /tmp/snippy.yaml
 
 COPY envs/tb-profiler.yaml /tmp/
-RUN umask 000 && conda env create --name tb-profiler --file /tmp/tb-profiler.yaml && rm /tmp/tb-profiler.yaml
+RUN conda env create --name tb-profiler --file /tmp/tb-profiler.yaml && rm /tmp/tb-profiler.yaml
 
-COPY envs/tsv-utils.yaml /tmp/
-RUN umask 000 && conda env create --name tsv-utils --file /tmp/tsv-utils.yaml && rm /tmp/tsv-utils.yaml
+# Switch back to root.  The entrypoint will drop to nextstrain:nextstrain as
+# necessary when a container starts.
+USER root