From fb6eabb2a398460c0e7ff9f251a370a2a2b0fb99 Mon Sep 17 00:00:00 2001 From: Daniel Henry Date: Mon, 6 Apr 2026 22:47:46 -0500 Subject: [PATCH] Updated to use /workspace for home directory Signed-off-by: Daniel Henry --- Dockerfile | 103 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 61 insertions(+), 42 deletions(-) diff --git a/Dockerfile b/Dockerfile index 59e5e00..7d344ac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,6 +8,7 @@ ARG TARGETARCH ENV DEBIAN_FRONTEND=noninteractive ENV NODE_VERSION=25.9.0 +ENV GO_VERSION=1.26.0 RUN --mount=type=cache,id=lab-ubuntu-apt-cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,id=lab-ubuntu-apt-lists,target=/var/lib/apt,sharing=locked \ @@ -33,11 +34,12 @@ RUN --mount=type=cache,id=lab-ubuntu-apt-cache,target=/var/cache/apt,sharing=loc xz-utils \ && rm -rf /var/lib/apt/lists/* +# Install official Node.js binaries RUN set -eux; \ case "${TARGETARCH:-amd64}" in \ amd64) NODE_ARCH="x64" ;; \ arm64) NODE_ARCH="arm64" ;; \ - *) echo "Unsupported TARGETARCH: ${TARGETARCH:-unset}" >&2; exit 1 ;; \ + *) echo "Unsupported TARGETARCH for Node: ${TARGETARCH:-unset}" >&2; exit 1 ;; \ esac; \ curl -fsSLO "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz"; \ tar -xJf "node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz" -C /usr/local --strip-components=1; \ @@ -45,58 +47,75 @@ RUN set -eux; \ node --version; \ npm --version -RUN if ! getent group sandbox >/dev/null; then groupadd -g ${SANDBOX_GID} sandbox; fi \ - && if ! id -u sandbox >/dev/null 2>&1; then useradd -m -u ${SANDBOX_UID} -g ${SANDBOX_GID} -s /bin/bash sandbox; fi \ - && echo 'sandbox ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/sandbox \ - && chmod 0440 /etc/sudoers.d/sandbox +# Install official Go binaries +RUN set -eux; \ + case "${TARGETARCH:-amd64}" in \ + amd64) GO_ARCH="amd64" ;; \ + arm64) GO_ARCH="arm64" ;; \ + *) echo "Unsupported TARGETARCH for Go: ${TARGETARCH:-unset}" >&2; exit 1 ;; \ + esac; \ + curl -fsSLO "https://go.dev/dl/go${GO_VERSION}.linux-${GO_ARCH}.tar.gz"; \ + rm -rf /usr/local/go; \ + tar -xzf "go${GO_VERSION}.linux-${GO_ARCH}.tar.gz" -C /usr/local; \ + rm -f "go${GO_VERSION}.linux-${GO_ARCH}.tar.gz"; \ + /usr/local/go/bin/go version -RUN mkdir -p \ - /opt/sandbox-home-skel/.config \ - /opt/sandbox-home-skel/.local/bin \ - /opt/sandbox-home-skel/.local/lib/node_modules \ - /opt/sandbox-home-skel/.cache \ - /opt/sandbox-home-skel/.ssh \ - /opt/sandbox-home-skel/.npm \ - /opt/sandbox-home-skel/.cargo/bin \ - && printf '%s\n' \ - 'export PATH="$HOME/.local/bin:$HOME/.cargo/bin:$PATH"' \ - 'export NPM_CONFIG_PREFIX="$HOME/.local"' \ - 'export npm_config_prefix="$HOME/.local"' \ - 'export EDITOR=vi' \ - >> /opt/sandbox-home-skel/.bashrc \ - && printf '%s\n' \ - 'prefix=/home/sandbox/.local' \ - 'cache=/home/sandbox/.npm' \ - > /opt/sandbox-home-skel/.npmrc \ - && printf '%s\n' \ - '[user]' \ - ' name = sandbox' \ - ' email = sandbox@example.invalid' \ - > /opt/sandbox-home-skel/.gitconfig \ - && touch /opt/sandbox-home-skel/.hushlogin \ - && chown -R sandbox:sandbox /opt/sandbox-home-skel +# Create runtime user matching host uid/gid +RUN set -eux; \ + if ! getent group sandbox >/dev/null; then groupadd -g "${SANDBOX_GID}" sandbox; fi; \ + if ! id -u sandbox >/dev/null 2>&1; then useradd -m -u "${SANDBOX_UID}" -g "${SANDBOX_GID}" -s /bin/bash sandbox; fi; \ + echo 'sandbox ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/sandbox; \ + chmod 0440 /etc/sudoers.d/sandbox -ENV HOME=/home/sandbox -ENV NPM_CONFIG_PREFIX=/home/sandbox/.local -ENV npm_config_prefix=/home/sandbox/.local -ENV PATH=/home/sandbox/.local/bin:/home/sandbox/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +# Make /workspace the effective HOME for all user-installed tools +ENV HOME=/workspace +ENV GOPATH=/workspace/go +ENV NPM_CONFIG_PREFIX=/workspace/.local +ENV npm_config_prefix=/workspace/.local +ENV PIP_DISABLE_PIP_VERSION_CHECK=1 +ENV PATH=/workspace/.local/bin:/workspace/.cargo/bin:/workspace/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# Global shell defaults for interactive sessions +RUN printf '%s\n' \ + 'export HOME=/workspace' \ + 'export GOPATH=/workspace/go' \ + 'export NPM_CONFIG_PREFIX=/workspace/.local' \ + 'export npm_config_prefix=/workspace/.local' \ + 'export PATH=/workspace/.local/bin:/workspace/.cargo/bin:/workspace/go/bin:/usr/local/go/bin:$PATH' \ + 'export EDITOR=vi' \ + > /etc/profile.d/workspace-home.sh \ + && chmod 0644 /etc/profile.d/workspace-home.sh COPY --chmod=755 <<'EOF' /usr/local/bin/sandbox-entrypoint.sh #!/usr/bin/env bash set -euo pipefail -HOME_DIR="${HOME:-/home/sandbox}" -SKEL_DIR="/opt/sandbox-home-skel" -SEED_MARKER="${HOME_DIR}/.sandbox-home-seeded" +export HOME="${HOME:-/workspace}" +export GOPATH="${GOPATH:-$HOME/go}" +export NPM_CONFIG_PREFIX="${NPM_CONFIG_PREFIX:-$HOME/.local}" +export npm_config_prefix="${npm_config_prefix:-$HOME/.local}" +export PATH="$HOME/.local/bin:$HOME/.cargo/bin:$HOME/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -mkdir -p "${HOME_DIR}" "${HOME_DIR}/.local/bin" "${HOME_DIR}/.local/lib/node_modules" "${HOME_DIR}/.npm" +mkdir -p \ + "$HOME" \ + "$HOME/.local/bin" \ + "$HOME/.local/lib/node_modules" \ + "$HOME/.cache" \ + "$HOME/.config" \ + "$HOME/.npm" \ + "$HOME/.cargo/bin" \ + "$HOME/go/bin" \ + "$HOME/go/pkg" -if [ ! -e "${SEED_MARKER}" ]; then - rsync -a --no-o --no-g --ignore-existing "${SKEL_DIR}/" "${HOME_DIR}/" - touch "${SEED_MARKER}" +# Keep npm cache/user config inside the workspace-mounted home. +if [ ! -f "$HOME/.npmrc" ]; then + cat > "$HOME/.npmrc" </dev/null || cd "${HOME_DIR}" +cd /workspace 2>/dev/null || cd "$HOME" exec "$@" EOF