Updated to use /workspace for home directory

Signed-off-by: Daniel Henry <iamdanhenry@gmail.com>

Dockerfile

@@ -8,6 +8,7 @@ ARG TARGETARCH
 
 ENV DEBIAN_FRONTEND=noninteractive
 ENV NODE_VERSION=25.9.0
+ENV GO_VERSION=1.26.0
 
 RUN --mount=type=cache,id=lab-ubuntu-apt-cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,id=lab-ubuntu-apt-lists,target=/var/lib/apt,sharing=locked \
@@ -33,11 +34,12 @@ RUN --mount=type=cache,id=lab-ubuntu-apt-cache,target=/var/cache/apt,sharing=loc
         xz-utils \
     && rm -rf /var/lib/apt/lists/*
 
+# Install official Node.js binaries
 RUN set -eux; \
     case "${TARGETARCH:-amd64}" in \
       amd64) NODE_ARCH="x64" ;; \
       arm64) NODE_ARCH="arm64" ;; \
-      *) echo "Unsupported TARGETARCH: ${TARGETARCH:-unset}" >&2; exit 1 ;; \
+      *) echo "Unsupported TARGETARCH for Node: ${TARGETARCH:-unset}" >&2; exit 1 ;; \
     esac; \
     curl -fsSLO "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz"; \
     tar -xJf "node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz" -C /usr/local --strip-components=1; \
@@ -45,58 +47,75 @@ RUN set -eux; \
     node --version; \
     npm --version
 
-RUN if ! getent group sandbox >/dev/null; then groupadd -g ${SANDBOX_GID} sandbox; fi \
-    && if ! id -u sandbox >/dev/null 2>&1; then useradd -m -u ${SANDBOX_UID} -g ${SANDBOX_GID} -s /bin/bash sandbox; fi \
-    && echo 'sandbox ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/sandbox \
-    && chmod 0440 /etc/sudoers.d/sandbox
+# Install official Go binaries
+RUN set -eux; \
+    case "${TARGETARCH:-amd64}" in \
+      amd64) GO_ARCH="amd64" ;; \
+      arm64) GO_ARCH="arm64" ;; \
+      *) echo "Unsupported TARGETARCH for Go: ${TARGETARCH:-unset}" >&2; exit 1 ;; \
+    esac; \
+    curl -fsSLO "https://go.dev/dl/go${GO_VERSION}.linux-${GO_ARCH}.tar.gz"; \
+    rm -rf /usr/local/go; \
+    tar -xzf "go${GO_VERSION}.linux-${GO_ARCH}.tar.gz" -C /usr/local; \
+    rm -f "go${GO_VERSION}.linux-${GO_ARCH}.tar.gz"; \
+    /usr/local/go/bin/go version
 
-RUN mkdir -p \
-      /opt/sandbox-home-skel/.config \
-      /opt/sandbox-home-skel/.local/bin \
-      /opt/sandbox-home-skel/.local/lib/node_modules \
-      /opt/sandbox-home-skel/.cache \
-      /opt/sandbox-home-skel/.ssh \
-      /opt/sandbox-home-skel/.npm \
-      /opt/sandbox-home-skel/.cargo/bin \
-    && printf '%s\n' \
-       'export PATH="$HOME/.local/bin:$HOME/.cargo/bin:$PATH"' \
-       'export NPM_CONFIG_PREFIX="$HOME/.local"' \
-       'export npm_config_prefix="$HOME/.local"' \
-       'export EDITOR=vi' \
-       >> /opt/sandbox-home-skel/.bashrc \
-    && printf '%s\n' \
-       'prefix=/home/sandbox/.local' \
-       'cache=/home/sandbox/.npm' \
-       > /opt/sandbox-home-skel/.npmrc \
-    && printf '%s\n' \
-       '[user]' \
-       '  name = sandbox' \
-       '  email = sandbox@example.invalid' \
-       > /opt/sandbox-home-skel/.gitconfig \
-    && touch /opt/sandbox-home-skel/.hushlogin \
-    && chown -R sandbox:sandbox /opt/sandbox-home-skel
+# Create runtime user matching host uid/gid
+RUN set -eux; \
+    if ! getent group sandbox >/dev/null; then groupadd -g "${SANDBOX_GID}" sandbox; fi; \
+    if ! id -u sandbox >/dev/null 2>&1; then useradd -m -u "${SANDBOX_UID}" -g "${SANDBOX_GID}" -s /bin/bash sandbox; fi; \
+    echo 'sandbox ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/sandbox; \
+    chmod 0440 /etc/sudoers.d/sandbox
 
-ENV HOME=/home/sandbox
-ENV NPM_CONFIG_PREFIX=/home/sandbox/.local
-ENV npm_config_prefix=/home/sandbox/.local
-ENV PATH=/home/sandbox/.local/bin:/home/sandbox/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Make /workspace the effective HOME for all user-installed tools
+ENV HOME=/workspace
+ENV GOPATH=/workspace/go
+ENV NPM_CONFIG_PREFIX=/workspace/.local
+ENV npm_config_prefix=/workspace/.local
+ENV PIP_DISABLE_PIP_VERSION_CHECK=1
+ENV PATH=/workspace/.local/bin:/workspace/.cargo/bin:/workspace/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# Global shell defaults for interactive sessions
+RUN printf '%s\n' \
+    'export HOME=/workspace' \
+    'export GOPATH=/workspace/go' \
+    'export NPM_CONFIG_PREFIX=/workspace/.local' \
+    'export npm_config_prefix=/workspace/.local' \
+    'export PATH=/workspace/.local/bin:/workspace/.cargo/bin:/workspace/go/bin:/usr/local/go/bin:$PATH' \
+    'export EDITOR=vi' \
+    > /etc/profile.d/workspace-home.sh \
+    && chmod 0644 /etc/profile.d/workspace-home.sh
 
 COPY --chmod=755 <<'EOF' /usr/local/bin/sandbox-entrypoint.sh
 #!/usr/bin/env bash
 set -euo pipefail
 
-HOME_DIR="${HOME:-/home/sandbox}"
-SKEL_DIR="/opt/sandbox-home-skel"
-SEED_MARKER="${HOME_DIR}/.sandbox-home-seeded"
+export HOME="${HOME:-/workspace}"
+export GOPATH="${GOPATH:-$HOME/go}"
+export NPM_CONFIG_PREFIX="${NPM_CONFIG_PREFIX:-$HOME/.local}"
+export npm_config_prefix="${npm_config_prefix:-$HOME/.local}"
+export PATH="$HOME/.local/bin:$HOME/.cargo/bin:$HOME/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-mkdir -p "${HOME_DIR}" "${HOME_DIR}/.local/bin" "${HOME_DIR}/.local/lib/node_modules" "${HOME_DIR}/.npm"
+mkdir -p \
+  "$HOME" \
+  "$HOME/.local/bin" \
+  "$HOME/.local/lib/node_modules" \
+  "$HOME/.cache" \
+  "$HOME/.config" \
+  "$HOME/.npm" \
+  "$HOME/.cargo/bin" \
+  "$HOME/go/bin" \
+  "$HOME/go/pkg"
 
-if [ ! -e "${SEED_MARKER}" ]; then
-  rsync -a --no-o --no-g --ignore-existing "${SKEL_DIR}/" "${HOME_DIR}/"
-  touch "${SEED_MARKER}"
+# Keep npm cache/user config inside the workspace-mounted home.
+if [ ! -f "$HOME/.npmrc" ]; then
+  cat > "$HOME/.npmrc" <<NPMRC
+prefix=${HOME}/.local
+cache=${HOME}/.npm
+NPMRC
 fi
 
-cd /workspace 2>/dev/null || cd "${HOME_DIR}"
+cd /workspace 2>/dev/null || cd "$HOME"
 exec "$@"
 EOF