chore(helmbroker): change uid gid to 1001

Author: duanhongyi

Makefile

@@ -49,7 +49,8 @@ full-clean: check-docker
 test: test-style test-unit test-functional
 
 test-style: docker-build-test
-	docker run --rm -v ${CURDIR}:/test -w /test/rootfs ${IMAGE}.test /test/rootfs/bin/test-style
+	$(shell chown -R 1001:1001 ${CURDIR})
+	docker run --rm -v ${CURDIR}:/tmp/test -w /tmp/test/rootfs ${IMAGE}.test /tmp/test/rootfs/bin/test-style
 	${SHELLCHECK_PREFIX} $(SHELL_SCRIPTS)
 
 test-unit: docker-build-test
@@ -63,6 +64,6 @@ test-integration:
 
 upload-coverage:
 	$(eval CI_ENV := $(shell curl -s https://codecov.io/env | bash))
-	docker run --rm ${CI_ENV} -v ${CURDIR}:/test -w /test/rootfs ${IMAGE}.test /test/rootfs/bin/upload-coverage
+	docker run --rm ${CI_ENV} -v ${CURDIR}:/tmp/test -w /tmp/test/rootfs ${IMAGE}.test /tmp/test/rootfs/bin/upload-coverage
 
 .PHONY: check-kubectl check-docker build docker-build docker-build-test deploy clean commit-hook full-clean test test-style test-unit test-functional test-integration upload-coverage

charts/helmbroker/templates/helmbroker-celery.yaml

@@ -26,11 +26,10 @@ spec:
         - name: drycc-helmbroker-celery
           image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/helmbroker:{{.Values.imageTag}}
           imagePullPolicy: {{.Values.imagePullPolicy}}
-          command:
-            - /bin/bash
-            - -c
           args:
-            - celery -A helmbroker worker --autoscale=32,1 --loglevel=info
+          - /bin/bash
+          - -c
+          - celery -A helmbroker worker --autoscale=32,1 --loglevel=info
           {{- include "helmbroker.limits" . | indent 10 }}
           {{- include "helmbroker.envs" . | indent 10 }}
           {{- include "helmbroker.volumeMounts" . | indent 10 }}

charts/helmbroker/templates/helmbroker-cronjob-daily.yaml

@@ -21,11 +21,10 @@ spec:
           - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/helmbroker:{{.Values.imageTag}}
             imagePullPolicy: {{.Values.imagePullPolicy}}
             name: drycc-helmbroker-cleaner
-            command:
-              - /bin/bash
-              - -c
             args:
-              - python -m helmbroker.cleaner
+            - /bin/bash
+            - -c
+            - python -m helmbroker.cleaner
             {{- include "helmbroker.envs" . | indent 12 }}
             {{- include "helmbroker.volumeMounts" . | indent 12 }}
           {{- include "helmbroker.volumes" . | indent 10 }}

charts/helmbroker/templates/helmbroker-deployment.yaml

@@ -26,11 +26,10 @@ spec:
         - name: loader
           image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/helmbroker:{{.Values.imageTag}}
           imagePullPolicy: {{.Values.imagePullPolicy}}
-          command:
-            - /bin/bash
-            - -c
           args:
-            - python -m helmbroker.loader
+          - /bin/bash
+          - -c
+          - python -m helmbroker.loader
           {{- include "helmbroker.envs" . | indent 10 }}
           {{- include "helmbroker.volumeMounts" . | indent 10 }}
       containers:

rootfs/Dockerfile

@@ -1,30 +1,30 @@
 FROM docker.io/drycc/base:bullseye
 
-RUN adduser --system \
-	--shell /bin/bash \
-	--disabled-password \
-	--home /workspace \
-	--group \
-	drycc
+ARG DRYCC_UID=1001
+ARG DRYCC_GID=1001
+ARG DRYCC_HOME_DIR=/workspace
+
+RUN groupadd drycc --gid ${DRYCC_GID} \
+  && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR}
 
 ENV PYTHON_VERSION="3.10.2" \
   HELM_VERSION="3.8.0"
 
-COPY . /workspace
+COPY . ${DRYCC_HOME_DIR}
 
-WORKDIR /workspace
+WORKDIR ${DRYCC_HOME_DIR}
 RUN buildDeps='musl-dev openssl' \
   && install-packages $buildDeps \
   && install-stack python $PYTHON_VERSION \
   && install-stack helm $HELM_VERSION && . init-stack \
-  && python3 -m venv /workspace/.venv \
-  && source /workspace/.venv/bin/activate \
-  && pip3 install --disable-pip-version-check --no-cache-dir -r /workspace/requirements.txt \
-  && chown -R drycc:drycc /workspace \
+  && python3 -m venv ${DRYCC_HOME_DIR}/.venv \
+  && source ${DRYCC_HOME_DIR}/.venv/bin/activate \
+  && pip3 install --disable-pip-version-check --no-cache-dir -r ${DRYCC_HOME_DIR}/requirements.txt \
+  && chown -R drycc:drycc ${DRYCC_HOME_DIR} \
   # set env
-  && echo "source /workspace/.venv/bin/activate" >> /opt/drycc/python/profile.d/python.sh \
+  && echo "source ${DRYCC_HOME_DIR}/.venv/bin/activate" >> /opt/drycc/python/profile.d/python.sh \
   # cleanup
-  && scanelp /workspace/.venv/lib > runtime.txt \
+  && scanelp ${DRYCC_HOME_DIR}/.venv/lib > runtime.txt \
   && apt-get purge -y --auto-remove $buildDeps \
   && install-packages $(< runtime.txt) \
   && apt-get autoremove -y \
@@ -45,6 +45,6 @@ RUN buildDeps='musl-dev openssl' \
   && mkdir -p /usr/share/man/man{1..8}
 
 USER drycc
-WORKDIR /workspace
-CMD ["/workspace/bin/boot"]
+WORKDIR ${DRYCC_HOME_DIR}
+CMD ["bin/boot"]
 EXPOSE 8000

rootfs/Dockerfile.test

@@ -1,33 +1,32 @@
 FROM docker.io/drycc/base:bullseye
 
-RUN adduser --system \
-	--shell /bin/bash \
-	--disabled-password \
-	--home /workspace \
-	--group \
-	drycc
+ARG DRYCC_UID=1001
+ARG DRYCC_GID=1001
+ARG DRYCC_HOME_DIR=/workspace
 
+RUN groupadd drycc --gid ${DRYCC_GID} \
+  && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR}
 ENV PYTHON_VERSION="3.10.2" \
   HELM_VERSION="3.8.0" \
   KUBECTL_VERSION="1.23.4"
 
-COPY . /workspace
-WORKDIR /workspace
+COPY . ${DRYCC_HOME_DIR}
+WORKDIR ${DRYCC_HOME_DIR}
 
 RUN buildDeps='musl-dev openssl'; \
   install-packages $buildDeps \
   && install-stack python $PYTHON_VERSION \
   && install-stack helm $HELM_VERSION \
   && install-stack kubectl $KUBECTL_VERSION && . init-stack \
-  && python3 -m venv /workspace/.venv \
-  && source /workspace/.venv/bin/activate \
-  && pip3 install --disable-pip-version-check --no-cache-dir -r /workspace/requirements.txt \
-  && pip3 install --disable-pip-version-check --no-cache-dir -r /workspace/dev_requirements.txt \
-  && chown -R drycc:drycc /workspace \
+  && python3 -m venv ${DRYCC_HOME_DIR}/.venv \
+  && source ${DRYCC_HOME_DIR}/.venv/bin/activate \
+  && pip3 install --disable-pip-version-check --no-cache-dir -r ${DRYCC_HOME_DIR}/requirements.txt \
+  && pip3 install --disable-pip-version-check --no-cache-dir -r ${DRYCC_HOME_DIR}/dev_requirements.txt \
+  && chown -R drycc:drycc ${DRYCC_HOME_DIR} \
   # set env
-  && echo "source /workspace/.venv/bin/activate" >> /opt/drycc/python/profile.d/python.sh \
+  && echo "source ${DRYCC_HOME_DIR}/.venv/bin/activate" >> /opt/drycc/python/profile.d/python.sh \
   # cleanup
-  && scanelp /workspace/.venv/lib > runtime.txt \
+  && scanelp ${DRYCC_HOME_DIR}/.venv/lib > runtime.txt \
   && apt-get purge -y --auto-remove $buildDeps \
   && install-packages $(< runtime.txt) \
   && apt-get autoremove -y \
@@ -45,9 +44,9 @@ RUN buildDeps='musl-dev openssl'; \
         /lib/udev \
         /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \
         /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \
-  && mkdir -p /usr/share/man/man{1..8} \
+  && mkdir -p /usr/share/man/man{1..8}
 
 USER drycc
-WORKDIR /workspace
-CMD ["/workspace/bin/boot"]
+WORKDIR ${DRYCC_HOME_DIR}
+CMD ["bin/boot"]
 EXPOSE 8000