docker non root user

Dockerfile

@@ -1,18 +1,35 @@
 FROM python:2.7-slim
 LABEL "MAINTAINER"="Cartologic Development Team"
 ENV PYTHONUNBUFFERED 1
+ARG PROJ_DIR=/usr/local/pycartoview/code
+ARG RUN_USER=cartoview
+ARG RUN_GROUP=cartoview
+ARG RUN_GID=2006
+ARG RUN_UID=2002
 ARG GEONODE_DEV=true
 ARG GEONODE_SHA1=992daf724e83cdb0c1eb776d147eba841ad02cd9
-ARG APP_DIR=/usr/src/carto_app
+# add our user and group first to make sure their IDs get assigned consistently, regardless of other deps added later
+RUN groupadd -r -g ${RUN_GID} ${RUN_GROUP} \
+	&& useradd -r -u ${RUN_UID} -g ${RUN_GROUP} ${RUN_USER}
+RUN mkdir -p ${PROJ_DIR} \
+	&& chown -R ${RUN_USER}:${RUN_GROUP} ${PROJ_DIR} && chmod g+s ${PROJ_DIR}
 # include GDAL HEADER Files
 # CPATH specifies a list of directories to be searched as if specified with -I,
 # but after any paths given with -I options on the command line.
 # This environment variable is used regardless of which language is being preprocessed.
 ENV CPATH "$CPATH:/usr/include/gdal:/usr/include"
-COPY scripts/docker/setup.sh ./
+COPY scripts/docker/os_setup.sh ./
+COPY scripts/docker/py_setup.sh ./
+COPY scripts/docker/clean_up.sh ./
+COPY scripts/docker/perm_setup.sh ./
 COPY . /cartoview
-RUN chmod +x setup.sh
-RUN ./setup.sh
+RUN chmod +x *.sh
+RUN ./os_setup.sh
+RUN ./py_setup.sh
+RUN ./clean_up.sh
+RUN ./perm_setup.sh
+VOLUME ${PROJ_DIR}
 # switch to project dir
-WORKDIR ${APP_DIR}
+WORKDIR ${PROJ_DIR}
+USER ${RUN_USER}
 CMD ["/bin/bash"]

requirements.txt

@@ -56,7 +56,7 @@ django-crispy-forms==1.7.2
 django-cuser==2017.3.16
 django-downloadview==1.9
 django-extensions==2.0.7
-django-filter==2.0.0
+django-filter==1.1.0
 django-floppyforms==1.7.0
 django-forms-bootstrap==3.1.0
 django-geoexplorer==4.0.41

scripts/docker/clean_up.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# cleanup image
+rm -rf ~/.cache/pip
+rm -rf /root/.cache
+apt-get purge --auto-remove -y gcc libgdal-dev libsasl2-dev \
+	zlib1g-dev python-dev build-essential
+apt autoremove --purge -y && apt autoclean -y && apt-get clean -y
+rm -rf /var/lib/apt/lists/* && apt-get clean -y &&
+	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+echo "Yes, do as I say!" | apt-get remove --force-yes login &&
+	dpkg --remove --force-depends wget

scripts/docker/os_setup.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+apt-get update -y && apt-get install wget gnupg -y
+
+# add postgres client latest
+touch /etc/apt/sources.list.d/pgdg.list &&
+	echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" >>/etc/apt/sources.list.d/pgdg.list &&
+	wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+
+# add gdal repo
+echo "deb http://http.us.debian.org/debian buster main non-free contrib" >>/etc/apt/sources.list
+
+# geonode required libraries
+apt-get update -y && apt-get install -y \
+	build-essential gcc \
+	git libxml2-dev libxslt-dev python-dev \
+	gettext sqlite3 \
+	python-lxml \
+	postgresql-client libpq-dev python-psycopg2 \
+	python-imaging \
+	python-ldap \
+	libmemcached-dev libsasl2-dev \
+	python-pylibmc \
+	gdal-bin libgdal-dev libgeos-dev \
+	--no-install-recommends

scripts/docker/perm_setup.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+python_site_packages=($(python -c "import site; print(site.getsitepackages())" | tr -d '[],'))
+for i in "${python_site_packages[@]}"
+do
+   chown -R ${RUN_USER}:${RUN_GROUP} ${i} && chmod g+s ${i}
+done

scripts/docker/py_setup.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# update python pip version
+pip install --upgrade pip
+
+# install python gdal stable
+pip install GDAL==2.3.2
+
+# install geonode from commit hash if dev enabled
+if [ "$GEONODE_DEV" = true ]; then
+	git clone https://github.com/GeoNode/geonode.git &&
+		cd /geonode && git reset --hard ${GEONODE_SHA1} && pip install . &&
+		rm -rf /geonode
+fi
+# create required dirs
+mkdir -p ${PROJ_DIR}
+
+# install cartoview
+cd /cartoview && pip install . && rm -rf /cartoview