From 554182ef8ab33947ca8d9ee904a5d5472d3c57f8 Mon Sep 17 00:00:00 2001 From: Robert Sparks Date: Tue, 4 Mar 2025 11:42:04 -0600 Subject: [PATCH] feat: run the docker container as dev (#8606) * feat: run the docker container as dev * fix: $@ -> $* Old bug, but might as well fix it now --------- Co-authored-by: Jennifer Richards --- dev/celery/docker-init.sh | 13 ++++++--- docker-compose.yml | 4 ++- docker/celery.Dockerfile | 60 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+), 5 deletions(-) create mode 100644 docker/celery.Dockerfile
diff --git a/dev/celery/docker-init.sh b/dev/celery/docker-init.sh
index 4fd1f1294..9940dfd7d 100755
--- a/dev/celery/docker-init.sh
+++ b/dev/celery/docker-init.sh
@@ -49,11 +49,16 @@ if [[ -n "${CELERY_GID}" ]]; then
 fi
 run_as_celery_uid () {
- SU_OPTS=()
- if [[ -n "${CELERY_GROUP}" ]]; then
- SU_OPTS+=("-g" "${CELERY_GROUP}")
+ IAM=$(whoami)
+ if [ "${IAM}" = "${CELERY_USERNAME:-root}" ]; then
+ SU_OPTS=()
+ if [[ -n "${CELERY_GROUP}" ]]; then
+ SU_OPTS+=("-g" "${CELERY_GROUP}")
+ fi
+ su "${SU_OPTS[@]}" "${CELERY_USERNAME:-root}" -s /bin/sh -c "$*"
+ else
+ /bin/sh -c "$*"
 fi
- su "${SU_OPTS[@]}" "${CELERY_USERNAME:-root}" -s /bin/sh -c "$@"
 }
 log_term_timing_msgs () {
diff --git a/docker-compose.yml b/docker-compose.yml
index 30ce8ba4d..9910c02a9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -67,7 +67,9 @@ services:
 restart: unless-stopped
 celery:
- image: ghcr.io/ietf-tools/datatracker-celery:latest
+ build:
+ context: .
+ dockerfile: docker/celery.Dockerfile
 init: true
 environment:
 CELERY_APP: ietf
diff --git a/docker/celery.Dockerfile b/docker/celery.Dockerfile
new file mode 100644
index 000000000..e44200398
--- /dev/null
+++ b/docker/celery.Dockerfile
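Review bot: In `run_as_celery_uid` (dev/celery/docker-init.sh), the new test `[ "${IAM}" = "${CELERY_USERNAME:-root}" ]` takes the `su` branch only when the script already runs as the target user, and every other case falls through to `/bin/sh -c "$*"` as whoever the script happens to be. If the script starts as root with `CELERY_USERNAME` set to an unprivileged account, the command would now run as root rather than as that account, which the removed code did not allow; and a non-root user whose name matches would call `su`, which normally needs root. Keying the branch on privilege instead, `if [ "$(id -u)" -eq 0 ]; then`, keeps the privilege drop whenever it is possible and runs directly otherwise. Separately, `"$*"` flattens the arguments into one string that the inner shell parses again, so an argument containing spaces or shell metacharacters is re-split; a short comment saying callers must pass a single pre-quoted command line would help. The code that sets `CELERY_USERNAME` and `CELERY_GROUP` lies above the hunk, so this should be checked against it.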
@@ -0,0 +1,60 @@
+FROM ghcr.io/ietf-tools/datatracker-celery:latest
+LABEL maintainer="IETF Tools Team "
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install needed packages and setup non-root user.
+ARG USERNAME=dev
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+COPY docker/scripts/app-setup-debian.sh /tmp/library-scripts/docker-setup-debian.sh
+RUN sed -i 's/\r$//' /tmp/library-scripts/docker-setup-debian.sh && chmod +x /tmp/library-scripts/docker-setup-debian.sh
+
+# Add Postgresql Apt Repository to get 14
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt $(. /etc/os-release && echo "$VERSION_CODENAME")-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
+RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+ && apt-get install -y --no-install-recommends postgresql-client-14 pgloader \
+ # Remove imagemagick due to https://security-tracker.debian.org/tracker/CVE-2019-10131
+ && apt-get purge -y imagemagick imagemagick-6-common \
+ # Install common packages, non-root user
+ # Syntax: ./docker-setup-debian.sh [install zsh flag] [username] [user UID] [user GID] [upgrade packages flag] [install Oh My Zsh!
flag] [Add non-free packages]
+ && bash /tmp/library-scripts/docker-setup-debian.sh "true" "${USERNAME}" "${USER_UID}" "${USER_GID}" "false" "true" "true"
+
+# Setup default python tools in a venv via pipx to avoid conflicts
+ENV PIPX_HOME=/usr/local/py-utils \
+ PIPX_BIN_DIR=/usr/local/py-utils/bin
+ENV PATH=${PATH}:${PIPX_BIN_DIR}
+COPY docker/scripts/app-setup-python.sh /tmp/library-scripts/docker-setup-python.sh
+RUN sed -i 's/\r$//' /tmp/library-scripts/docker-setup-python.sh && chmod +x /tmp/library-scripts/docker-setup-python.sh
+RUN bash /tmp/library-scripts/docker-setup-python.sh "none" "/usr/local" "${PIPX_HOME}" "${USERNAME}"
+
+# Remove library scripts for final image
+RUN rm -rf /tmp/library-scripts
+
+# Copy the startup file
+COPY dev/celery/docker-init.sh /docker-init.sh
+RUN sed -i 's/\r$//' /docker-init.sh && \
+ chmod +x /docker-init.sh
+
+ENTRYPOINT [ "/docker-init.sh" ]
+
+# Fix user UID / GID to match host
+RUN groupmod --gid $USER_GID $USERNAME \
+ && usermod --uid $USER_UID --gid $USER_GID $USERNAME \
+ && chown -R $USER_UID:$USER_GID /home/$USERNAME \
+ || exit 0
+
+# Switch to local dev user
+USER dev:dev
+
+# Install current datatracker python dependencies
+COPY requirements.txt /tmp/pip-tmp/
+RUN pip3 --disable-pip-version-check --no-cache-dir install --user --no-warn-script-location -r /tmp/pip-tmp/requirements.txt
+RUN pip3 --disable-pip-version-check --no-cache-dir install --user --no-warn-script-location watchdog[watchmedo]
+
+RUN sudo rm -rf /tmp/pip-tmp
+
+VOLUME [ "/assets" ]
+
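Review bot: The PostgreSQL repository is added with `apt-key add -` and an `http://` source line, which puts the downloaded key into apt's global trusted keyring, where it is trusted for every configured repository rather than only this one. Scoping the key to the repository is safer: save it with `wget --quiet -O /usr/share/keyrings/pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc` and write the source as `deb [signed-by=/usr/share/keyrings/pgdg.asc] https://apt.postgresql.org/pub/repos/apt ...`. As written, the `wget | apt-key` pipe also hides a failed download, because the default shell has no `pipefail`. Further down, `RUN sudo rm -rf /tmp/pip-tmp` after `USER dev:dev` suggests the setup script gives `dev` passwordless sudo (the script is not in this patch), which limits what running as `dev` buys; a comment stating that this image is for local development only would make that explicit. The `|| exit 0` after `groupmod`/`usermod`/`chown` also lets a failed UID/GID fix-up pass silently.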