altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 3 Packages Projects Releases Wiki Activity

chore: run devcontainer as user vscode instead of root (#3948)

Browse source
This commit is contained in:
Nicolas Giard 2022-05-13 15:13:50 -04:00 committed by GitHub
parent f4ce041dcc
commit f1472ffcac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.devcontainer/devcontainer.json
View file

@ -96,11 +96,11 @@
"label": "MariaDB", "label": "MariaDB",
"onAutoForward": "silent" "onAutoForward": "silent"
} }
} },
// Use 'postCreateCommand' to run commands after the container is created. // Use 'postCreateCommand' to run commands after the container is created.
// "postCreateCommand": "sh /docker-init.sh", // "postCreateCommand": "sh /docker-init.sh",
// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
// "remoteUser": "django" "remoteUser": "vscode"
} }

12
docker/app.Dockerfile
View file

@ -114,11 +114,6 @@ ENV LC_ALL en_US.UTF-8
ADD https://raw.githubusercontent.com/ietf-tools/idnits-mirror/main/idnits /usr/local/bin/ ADD https://raw.githubusercontent.com/ietf-tools/idnits-mirror/main/idnits /usr/local/bin/
RUN chmod +rx /usr/local/bin/idnits RUN chmod +rx /usr/local/bin/idnits
# Install current datatracker python dependencies
COPY requirements.txt /tmp/pip-tmp/
RUN pip3 --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt \
&& rm -rf /tmp/pip-tmp
# Turn off rsyslog kernel logging (doesn't work in Docker) # Turn off rsyslog kernel logging (doesn't work in Docker)
RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
@ -137,4 +132,11 @@ RUN sed -i 's/\r$//' /docker-init.sh && \
RUN mkdir -p /workspace RUN mkdir -p /workspace
WORKDIR /workspace WORKDIR /workspace
USER vscode:vscode
# Install current datatracker python dependencies
COPY requirements.txt /tmp/pip-tmp/
RUN pip3 --disable-pip-version-check --no-cache-dir install --user -r /tmp/pip-tmp/requirements.txt
RUN sudo rm -rf /tmp/pip-tmp
# ENTRYPOINT [ "/docker-init.sh" ] # ENTRYPOINT [ "/docker-init.sh" ]

9
docker/scripts/app-init.sh
View file

@ -2,11 +2,11 @@
WORKSPACEDIR="/workspace" WORKSPACEDIR="/workspace"
service rsyslog start sudo service rsyslog start
# fix permissions for npm-related paths # fix permissions for npm-related paths
WORKSPACE_UID_GID=$(stat --format="%u:%g" "$WORKSPACEDIR") WORKSPACE_UID_GID=$(stat --format="%u:%g" "$WORKSPACEDIR")
chown -R "$WORKSPACE_UID_GID" "$WORKSPACEDIR/.parcel-cache" sudo chown -R "$WORKSPACE_UID_GID" "$WORKSPACEDIR/.parcel-cache"
# Build node packages that requrie native compilation # Build node packages that requrie native compilation
echo "Compiling native node packages..." echo "Compiling native node packages..."
@ -71,7 +71,8 @@ fi
# Run memcached # Run memcached
/usr/bin/memcached -u root -d echo "Starting memcached..."
/usr/bin/memcached -u vscode -d
# Initial checks # Initial checks
@ -99,6 +100,6 @@ if [ -z "$EDITOR_VSCODE" ]; then
bash -c "$*" bash -c "$*"
CODE=$? CODE=$?
fi fi
service rsyslog stop sudo service rsyslog stop
exit $CODE exit $CODE
fi fi