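# Extend from the toolbox-base image.
# NOTE(review): "release-current" is a moving tag, so this image inherits
# whatever the tag pointed to at build time. Pin a digest
# (image@sha256:<digest>) where reproducible builds matter.
FROM tsysdevstack-toolboxstack-toolbox-base:release-current

# Build arguments (these can be overridden at build time with --build-arg)
ARG USER_ID=1000
ARG GROUP_ID=1000
ARG USERNAME=toolbox

# Ensure the non-root user exists with the requested UID/GID.
# - UID already taken: the existing account is kept and reported. A warning is
#   printed when its name differs from USERNAME, because the ENV paths and the
#   USER instruction below are built from USERNAME, not from the UID.
# - UID free: create the group if it is missing, then the user.
# Each nested `fi` is terminated with `;` so the following command is parsed as
# a new statement once the line continuations are joined.
RUN if getent passwd "${USER_ID}" >/dev/null; then \
      existing_user="$(getent passwd "${USER_ID}" | cut -d: -f1)"; \
      echo "User with UID ${USER_ID} already exists: ${existing_user}" >&2; \
      if [ "${existing_user}" != "${USERNAME}" ]; then \
        echo "WARNING: UID ${USER_ID} belongs to '${existing_user}', not '${USERNAME}'" >&2; \
      fi; \
    else \
      if ! getent group "${GROUP_ID}" >/dev/null; then \
        groupadd --gid "${GROUP_ID}" "${USERNAME}"; \
      fi; \
      useradd --uid "${USER_ID}" --gid "${GROUP_ID}" --shell /usr/bin/zsh --create-home "${USERNAME}"; \
    fi

# Install toolbox-specific packages here
# Example:
# RUN apt-get update && apt-get install -y --no-install-recommends \
#     specific-package \
#     && apt-get clean \
#     && rm -rf /var/lib/apt/lists/*

# Install toolbox-specific aqua packages here
# Example:
# COPY aqua.yaml /tmp/aqua.yaml
# RUN chown "${USER_ID}:${GROUP_ID}" /tmp/aqua.yaml \
#     && su - "${USERNAME}" -c 'mkdir -p ~/.config/aquaproj-aqua' \
#     && su - "${USERNAME}" -c 'cp /tmp/aqua.yaml ~/.config/aquaproj-aqua/aqua.yaml' \
#     && AQUA_GLOBAL_CONFIG=/tmp/aqua.yaml aqua install \
#     && su - "${USERNAME}" -c 'AQUA_GLOBAL_CONFIG=~/.config/aquaproj-aqua/aqua.yaml aqua install'

# Install toolbox-specific npm packages here
# Example:
# RUN su - "${USERNAME}" -c 'mise exec -- npm install -g @scope/package@version'

# Prepare workspace directory with appropriate ownership
RUN mkdir -p /workspace \
    && chown "${USER_ID}:${GROUP_ID}" /workspace

# Remove sudo so the runtime user cannot escalate through it.
# The apt steps stay best-effort (sudo may already be absent), but the final
# check fails the build if a sudo binary is still on PATH, so this hardening
# step cannot silently turn into a no-op.
# SUDO_FORCE_REMOVE=yes: the Debian/Ubuntu sudo package can refuse removal when
# root has no usable password; this opts out of that guard (assumes a
# Debian-family base image, confirm against toolbox-base).
# This closes the sudo path only. Other setuid binaries (su is used in the
# examples above) remain in the image, so pair it with runtime controls such as
# `--security-opt no-new-privileges` and dropped capabilities.
RUN SUDO_FORCE_REMOVE=yes apt-get remove -y sudo || true; \
    apt-get autoremove -y || true; \
    rm -rf /var/lib/apt/lists/*; \
    if command -v sudo >/dev/null 2>&1; then \
      echo "sudo is still installed after removal; refusing to build" >&2; \
      exit 1; \
    fi

# Per-user tool locations come first on PATH so aqua- and mise-managed
# binaries take precedence over the system ones.
ENV SHELL=/usr/bin/zsh \
    AQUA_GLOBAL_CONFIG=/home/${USERNAME}/.config/aquaproj-aqua/aqua.yaml \
    PATH=/home/${USERNAME}/.local/share/aquaproj-aqua/bin:/home/${USERNAME}/.local/share/mise/shims:/home/${USERNAME}/.local/bin:${PATH}

WORKDIR /workspace

# Drop to the non-root user for everything that runs in the container.
USER ${USERNAME}

CMD ["/usr/bin/zsh"]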