TSYSDevStack/ToolboxStack/output/toolbox-template/Dockerfile

# Extend from the toolbox-base image
FROM tsysdevstack-toolboxstack-toolbox-base:release-current

# Set build arguments (these can be overridden at build time)
ARG USER_ID=1000
ARG GROUP_ID=1000
ARG USERNAME=toolbox

# Ensure the non-root user exists with the correct UID/GID
# Check if user/group already exists and handle appropriately
RUN if getent passwd "${USER_ID}" >/dev/null; then \
        existing_user="$(getent passwd "${USER_ID}" | cut -d: -f1)"; \
        echo "User with UID ${USER_ID} already exists: ${existing_user}" >&2; \
    else \
        if ! getent group "${GROUP_ID}" >/dev/null; then \
            groupadd --gid "${GROUP_ID}" "${USERNAME}"; \
        fi \
        useradd --uid "${USER_ID}" --gid "${GROUP_ID}" --shell /usr/bin/zsh --create-home "${USERNAME}"; \
    fi

# Install toolbox-specific packages here
# Example:
# RUN apt-get update && apt-get install -y --no-install-recommends \
#     specific-package \
#     && apt-get clean \
#     && rm -rf /var/lib/apt/lists/*

# Install toolbox-specific aqua packages here
# Example:
# COPY aqua.yaml /tmp/aqua.yaml
# RUN chown "${USER_ID}:${GROUP_ID}" /tmp/aqua.yaml \
#     && su - "${USERNAME}" -c 'mkdir -p ~/.config/aquaproj-aqua' \
#     && su - "${USERNAME}" -c 'cp /tmp/aqua.yaml ~/.config/aquaproj-aqua/aqua.yaml' \
#     && AQUA_GLOBAL_CONFIG=/tmp/aqua.yaml aqua install \
#     && su - "${USERNAME}" -c 'AQUA_GLOBAL_CONFIG=~/.config/aquaproj-aqua/aqua.yaml aqua install'

# Install toolbox-specific npm packages here
# Example:
# RUN su - "${USERNAME}" -c 'mise exec -- npm install -g @scope/package@version'

# Prepare workspace directory with appropriate ownership
RUN mkdir -p /workspace \
    && chown "${USER_ID}:${GROUP_ID}" /workspace

# Remove sudo to ensure no root escalation is possible at runtime
RUN apt-get remove -y sudo 2>/dev/null || true && apt-get autoremove -y 2>/dev/null || true && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

ENV SHELL=/usr/bin/zsh \
    AQUA_GLOBAL_CONFIG=/home/${USERNAME}/.config/aquaproj-aqua/aqua.yaml \
    PATH=/home/${USERNAME}/.local/share/aquaproj-aqua/bin:/home/${USERNAME}/.local/share/mise/shims:/home/${USERNAME}/.local/bin:${PATH}

WORKDIR /workspace
USER ${USERNAME}

CMD ["/usr/bin/zsh"]