
Commit d291d49

committed
Use this entrypoint hack the AI told me about
1 parent f645c0f commit d291d49

2 files changed

Lines changed: 37 additions & 14 deletions


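--- a/Dockerfile
+++ b/Dockerfile
@@ -97,12 +97,7 @@ RUN apk add --no-cache --repositories-file /etc/apk/repositories.edge \
 helmfile \
 && rm -rf /var/cache/apk/*
 
-# Cargo installs
-ENV PATH="/home/${USERNAME}/.cargo/bin:$PATH"
-
-# uv installs
-ENV PATH="/home/root/.local/bin:$PATH"
-RUN curl -LsSf https://astral.sh/uv/install.sh | sh
+# Build dependencies needed for uv tool compilation (requires root)
 RUN apk --no-cache --virtual .build-deps add \
 gcc \
 g++ \
@@ -126,9 +121,18 @@ RUN apk --no-cache --virtual .build-deps add \
 sshpass \
 patch \
 build-base \
-gcc-doc && \
+gcc-doc
+
+# Drop root — all remaining commands run as the non-root user
+USER ${USERNAME}
+WORKDIR /home/${USERNAME}
+ENV HOME=/home/${USERNAME}
+
+# uv installs (as user)
+ENV PATH="$HOME/.local/bin:$PATH"
+RUN curl -LsSf https://astral.sh/uv/install.sh | sh
+RUN uv tool install --verbose pre-commit && \
 # uv tool install aider-chat && \ TODO: Fix this, something to do with scipy
-uv tool install --verbose pre-commit && \
 uv tool install --verbose ruff && \
 uv tool install --verbose ipython && \
 uv tool install --verbose ipdb && \
@@ -139,12 +143,6 @@ RUN apk --no-cache --virtual .build-deps add \
 uv tool install --verbose thefuck && \
 uv tool install --verbose ansible
 
-# Drop root permissions
-USER ${USERNAME}
-WORKDIR /home/${USERNAME}
-ENV HOME=/home/${USERNAME}
-ENV PATH="$HOME/.local/bin:$PATH"
-
 # npm installs
 RUN npm install -g \
 prettier \
@@ -154,6 +152,9 @@ RUN npm install -g \
 RUN git clone --depth=1 https://github.com/tfutils/tfenv.git $HOME/.tfenv
 RUN .tfenv/bin/tfenv install latest
 
+# Rust installs
+ENV PATH="$HOME/.local/bin:$HOME/.cargo/bin:$PATH"
+
 # Go installs
 ENV PATH="$HOME/go/bin:$PATH"
 
@@ -194,4 +195,8 @@ RUN find $SHELL_DIR/home/bin -type f -exec chmod +x {} \;
 # terminal colors with xterm
 ENV TERM=xterm-256color
 
+# Entrypoint must run as root to modify the user
+COPY entrypoint.sh /entrypoint.sh
+USER root
+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["/bin/zsh"]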
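Review bot: The trailing `USER root` (new lines 198–201) makes root the image's default user, so the privilege drop now happens only inside `/entrypoint.sh`; `docker exec` sessions and any run that overrides the entrypoint start as root. If the runtime UID remap is required, I would say so on the directive, e.g. `# Image default user is root: /entrypoint.sh remaps UID/GID and drops to ${USERNAME}; docker exec and --entrypoint overrides bypass the drop.` `COPY entrypoint.sh /entrypoint.sh` also depends on the script's executable bit in the repository, which this page does not show; `COPY --chmod=755 entrypoint.sh /entrypoint.sh` (BuildKit) removes that dependency. The script starts the command through `su -`, which normally resets the environment, so the `ENV PATH=…` and `TERM` values set in this file may not reach the user's shell and should be verified.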

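--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+TARGET_UID=${TARGET_UID:-1000}
+TARGET_GID=${TARGET_GID:-1000}
+USERNAME=rgpeach10
+
+CURRENT_UID=$(id -u "$USERNAME")
+CURRENT_GID=$(id -g "$USERNAME")
+
+# Rewrite the user/group IDs if they differ from build time
+if [ "$CURRENT_UID" != "$TARGET_UID" ] || [ "$CURRENT_GID" != "$TARGET_GID" ]; then
+sed -i "s/^$USERNAME:x:$CURRENT_UID:$CURRENT_GID:/$USERNAME:x:$TARGET_UID:$TARGET_GID:/" /etc/passwd
+sed -i "s/^$USERNAME:x:$CURRENT_GID:/$USERNAME:x:$TARGET_GID:/" /etc/group
+chown -R "$TARGET_UID:$TARGET_GID" "/home/$USERNAME"
+fi
+
+exec su - "$USERNAME" -s /bin/zsh -c "$*"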
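Review bot: `TARGET_UID` and `TARGET_GID` come from the container environment and are pasted into the `sed` replacements on lines 13–14 while the script runs as root, with no check that they are numeric. A value containing `/`, `&` or a newline would break or corrupt the `/etc/passwd` and `/etc/group` entries, and `0` would turn the "non-root" user into root. Validating both right after the defaults closes that, as sketched below; add `0` to the rejected pattern if a root mapping is never intended. Separately, `-c "$*"` on the last line joins the arguments into one string that the shell parses again, so arguments with spaces or metacharacters are re-split and re-interpreted. An exec helper that keeps the argument vector, such as `exec su-exec "$USERNAME" "$@"` (assuming the `su-exec` package is added to the image), avoids this and also preserves the environment that `su -` resets.

```shell
TARGET_GID=${TARGET_GID:-1000}
for id in "$TARGET_UID" "$TARGET_GID"; do
  case "$id" in
    *[!0-9]*) echo "entrypoint: TARGET_UID/TARGET_GID must be numeric" >&2; exit 1 ;;
  esac
done
# … unchanged: USERNAME, id lookups, passwd/group rewrite, exec …
```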
