- Use non root user (close #8) (#9)

aifrak · Jul 11, 2020 · 112edb3 · 112edb3
1 parent bdb0f50
commit 112edb3
Showing 1 changed file with 31 additions and 30 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,39 +1,17 @@
 FROM debian:buster-slim
 
-ENV ZSH_DIR=/zsh
-ENV ZSH_DOCKER=/zsh/docker
-ARG BUILD_DEPS="ca-certificates wget git"
-
-RUN set -ex \
-  && mkdir $ZSH_DIR \
-  && mkdir -p $ZSH_DOCKER
-
-WORKDIR $ZSH_DIR
-
 RUN set -ex \
   && apt-get update \
   # install dependencies
   && apt-get install --yes --no-install-recommends \
-  $BUILD_DEPS \
+  ca-certificates \
   wget \
   git \
   zsh \
   # clean cache and temporary files
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* *.deb
 
-# install oh-my-zsh
-RUN set -ex \
-  && wget -qO- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh | zsh || true \
-  && mv /root/.oh-my-zsh $ZSH_DIR
-
-# install oh-my-zsh plugins
-RUN set -ex \
-  && ZSH_CUSTOM=$ZSH_DIR/.oh-my-zsh/custom \
-  && git clone --single-branch --branch '0.7.1' --depth 1 https://github.com/zsh-users/zsh-syntax-highlighting.git $ZSH_CUSTOM/plugins/zsh-syntax-highlighting \
-  && git clone --single-branch --branch 'v0.6.4' --depth 1 https://github.com/zsh-users/zsh-autosuggestions.git $ZSH_CUSTOM/plugins/zsh-autosuggestions \
-  && git clone --single-branch --depth 1 https://github.com/romkatv/powerlevel10k.git $ZSH_CUSTOM/themes/powerlevel10k
-
 # install FZF - executable only (required for zsh-interactive-cd)
 RUN set -ex \
   && FZF_VERSION="0.21.1" \
@@ -55,7 +33,7 @@ RUN set -ex \
 # install Fira Code from Nerd fonts
 RUN set -ex \
   && NERDS_FONT_VERSION="2.1.0" \
-  && FONT_DIR=$ZSH_DIR/fonts \
+  && FONT_DIR=/usr/local/share/fonts \
   && FIRA_CODE_URL=https://github.com/ryanoasis/nerd-fonts/raw/${NERDS_FONT_VERSION}/patched-fonts/FiraCode \
   && FIRA_CODE_LIGHT_DOWNLOAD_SHA256="5e0e3b18b99fc50361a93d7eb1bfe7ed7618769f4db279be0ef1f00c5b9607d6" \
   && FIRA_CODE_REGULAR_DOWNLOAD_SHA256="3771e47c48eb273c60337955f9b33d95bd874d60d52a1ba3dbed924f692403b3" \
@@ -74,12 +52,35 @@ RUN set -ex \
   && echo "$FIRA_CODE_BOLD_DOWNLOAD_SHA256  $FONT_DIR/Fura Code Bold Nerd Font Complete.ttf" | sha256sum -c - \
   && echo "$FIRA_CODE_RETINA_DOWNLOAD_SHA256  $FONT_DIR/Fura Code Retina Nerd Font Complete.ttf" | sha256sum -c -
 
-# remove dependencies
+ARG APP_USER=zsh-user
+ARG APP_USER_GROUP=www-data
+ARG APP_USER_HOME=/home/$APP_USER
+
+# create non root user
+RUN \
+  adduser --quiet --disabled-password \
+  --shell /bin/bash \
+  --gecos "ZSH user" $APP_USER \
+  --ingroup $APP_USER_GROUP
+
+USER $APP_USER
+WORKDIR $APP_USER_HOME
+
+# install oh-my-zsh
+RUN set -ex \
+  && wget -qO- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh | zsh || true
+
+ARG ZSH_CUSTOM=$APP_USER_HOME/.oh-my-zsh/custom
+ARG ZSH_PLUGINS=$ZSH_CUSTOM/plugins
+ARG ZSH_THEMES=$ZSH_CUSTOM/themes
+
+# install oh-my-zsh plugins and theme
 RUN set -ex \
-  && apt-get purge -y --auto-remove $BUILD_DEPS
+  && git clone --single-branch --branch '0.7.1' --depth 1 https://github.com/zsh-users/zsh-syntax-highlighting.git $ZSH_PLUGINS/zsh-syntax-highlighting \
+  && git clone --single-branch --branch 'v0.6.4' --depth 1 https://github.com/zsh-users/zsh-autosuggestions.git $ZSH_PLUGINS/zsh-autosuggestions \
+  && git clone --single-branch --depth 1 https://github.com/romkatv/powerlevel10k.git $ZSH_THEMES/powerlevel10k
 
-COPY ./config/.zshrc $ZSH_DOCKER/.zshrc
-COPY ./config/.p10k.zsh $ZSH_DOCKER/.p10k.zsh
-COPY ./config/aliases.zsh $ZSH_DOCKER/aliases.zsh
+COPY --chown=$APP_USER:$APP_USER_GROUP ./config/.zshrc ./config/.p10k.zsh $APP_USER_HOME/
+COPY --chown=$APP_USER:$APP_USER_GROUP ./config/aliases.zsh $ZSH_CUSTOM
 
-CMD ["bash"]
+CMD ["zsh"]