Update how permissions/users are set up on CI docker image

elastic · Nov 3, 2023 · 04cdcc5 · 04cdcc5
1 parent ab10e46
commit 04cdcc5
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 21 deletions.
diff --git a/.ci/Dockerfile b/.ci/Dockerfile
@@ -12,15 +12,19 @@ RUN apt-get clean -y && \
     apt-get install -y zip
 
 # Set user permissions and directory
-RUN groupadd --system -g ${BUILDER_GID} ${BUILDER_GROUP} \
-    && useradd --system --shell /bin/bash -u ${BUILDER_UID} -g ${BUILDER_GROUP} -m elastic 1>/dev/null 2>/dev/null \
+RUN (id -g ${BUILDER_GID} || groupadd --system -g ${BUILDER_GID} ${BUILDER_GROUP}) \
+    && (id -u ${BUILDER_UID} || useradd --system --shell /bin/bash -u ${BUILDER_UID} -g ${BUILDER_GID} -m elastic) \
     && mkdir -p /usr/src/elasticsearch-js \
-    && chown -R ${BUILDER_USER}:${BUILDER_GROUP} /usr/src/
+    && chown -R ${BUILDER_UID}:${BUILDER_GID} /usr/src/
+
 WORKDIR /usr/src/elasticsearch-js
-USER ${BUILDER_USER}:${BUILDER_GROUP}
 
-# Install app dependencies
-COPY --chown=$BUILDER_USER:$BUILDER_GROUP package*.json ./
-RUN npm install
+# run remainder of commands as non-root user
+USER ${BUILDER_UID}:${BUILDER_GID}
+
+# install dependencies
+COPY package.json .
+RUN npm install --production=false
 
-COPY --chown=$BUILDER_USER:$BUILDER_GROUP . .
+# copy project files
+COPY . .
diff --git a/.ci/make.sh b/.ci/make.sh
@@ -144,19 +144,35 @@ docker build \
 
 echo -e "\033[34;1mINFO: running $product container\033[0m"
 
-docker run \
-  --volume "$repo:/usr/src/elasticsearch-js" \
-  --volume /usr/src/elasticsearch-js/node_modules \
-  -u "$(id -u):$(id -g)" \
-  --env "WORKFLOW=$WORKFLOW" \
-  --name make-elasticsearch-js \
-  --rm \
-  $product \
-  /bin/bash -c "cd /usr/src && \
-    git clone https://$CLIENTS_GITHUB_TOKEN@github.com/elastic/elastic-client-generator-js.git && \
-    mkdir -p /usr/src/elastic-client-generator-js/output && \
-    cd /usr/src/elasticsearch-js && \
-    node .ci/make.mjs --task $TASK ${TASK_ARGS[*]}"
+if [[ -z "${BUILDKITE+x}" ]] && [[ -z "${CI+x}" ]] && [[ -z "${GITHUB_ACTIONS+x}" ]]; then
+  echo -e "\033[34;1mINFO: Running in local mode"
+  docker run \
+    -u "$(id -u):$(id -g)" \
+    --volume "$repo:/usr/src/elasticsearch-js" \
+    --volume /usr/src/elasticsearch-js/node_modules \
+    --volume "$(realpath $repo/../elastic-client-generator-js):/usr/src/elastic-client-generator-js" \
+    --env "WORKFLOW=$WORKFLOW" \
+    --name make-elasticsearch-js \
+    --rm \
+    $product \
+    /bin/bash -c "mkdir -p /usr/src/elastic-client-generator-js/output && \
+      node .ci/make.mjs --task $TASK ${TASK_ARGS[*]}"
+else
+  echo -e "\033[34;1mINFO: Running in CI mode"
+  docker run \
+    --volume "$repo:/usr/src/elasticsearch-js" \
+    --volume /usr/src/elasticsearch-js/node_modules \
+    -u "$(id -u):$(id -g)" \
+    --env "WORKFLOW=$WORKFLOW" \
+    --name make-elasticsearch-js \
+    --rm \
+    $product \
+    /bin/bash -c "cd /usr/src && \
+      git clone https://$CLIENTS_GITHUB_TOKEN@github.com/elastic/elastic-client-generator-js.git && \
+      mkdir -p /usr/src/elastic-client-generator-js/output && \
+      cd /usr/src/elasticsearch-js && \
+      node .ci/make.mjs --task $TASK ${TASK_ARGS[*]}"
+fi
 
 # ------------------------------------------------------- #
 # Post Command tasks & checks