build: custom user with UID and GID

1 month ago · d57e2022fb
1 changed files with 9 additions and 11 deletions
--- a/20
+++ b/20
@ -1,5 +1,4 @@
 ARG PYTHON="python:3.12-alpine3.21"
-ARG RUNAS="root"

 FROM ${PYTHON} AS builder
 RUN apk add uv
@ -13,21 +12,20 @@ RUN --mount=type=bind,ro,source=uv.lock,target=uv.lock \
    pip wheel --require-hashes -r requirements.txt --wheel-dir /wheels/ && \
    pip wheel --no-deps ./src/syncplay/ --wheel-dir /wheels/

-FROM ${PYTHON} AS root
+FROM ${PYTHON}
 RUN sh -c '[ $(apk info -e libgcc) ] || apk add --no-cache libgcc'
 RUN --mount=type=cache,ro,from=builder,source=/wheels/,target=/wheels/ \
    cd /usr/local/lib/python3.*/ && ls /wheels/*.whl | xargs -P0 -n1 unzip -qd ./site-packages/
 COPY ./src/boot.py /usr/bin/syncplay
-ENV PYTHONUNBUFFERED=1
-EXPOSE 8999

-FROM root AS user
-ARG USER_UID=800
-ARG USER_GID=800
-RUN addgroup -g "${USER_GID}" -S syncplay && \
-    adduser -u "${USER_UID}" -S syncplay -G syncplay
-USER syncplay
+ARG USER_UID=0
+ARG USER_GID=0
+RUN sh -c '[ $(getent group ${USER_GID}) ] || addgroup -g ${USER_GID} -S syncplay' && \
+    sh -c '[ $(getent passwd ${USER_UID}) ] || adduser -u ${USER_UID} -G $(getent group ${USER_GID} | cut -d: -f1) -S syncplay' && \
+    rm -rf /etc/group- /etc/passwd- /etc/shadow-
+USER ${USER_UID}:${USER_GID}

-FROM ${RUNAS}
+EXPOSE 8999
 WORKDIR /data/
+ENV PYTHONUNBUFFERED=1
 ENTRYPOINT ["syncplay"]