From ce506718034e6b0ebeb09fa60d95ad57fb61ea50 Mon Sep 17 00:00:00 2001
From: Bill Allen <ballen@spectric.com>
Date: Mon, 17 Apr 2023 19:06:07 -0400
Subject: [PATCH 1/2] Working on a version of the container that doesn't
 execute as root.

---
 .github/workflows/release.yml |  2 ++
 .github/workflows/test.yml    |  2 ++
 Dockerfile                    | 16 +++++++++-------
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9e70bbb..5af02f8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,6 +6,8 @@ on:
 
 env:
   REGISTRY: ghcr.io
+  DOCKER_BUILDKIT: 1
+  BUILDKIT_PROGRESS: plain
 
 jobs:
   build-and-push-image:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index fdd2777..49fabf5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,8 @@ on:
 
 env:
   REGISTRY: ghcr.io
+  DOCKER_BUILDKIT: 1
+  BUILDKIT_PROGRESS: plain
 
 jobs:
   test:
diff --git a/Dockerfile b/Dockerfile
index 3b9329b..4c0c284 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,16 +13,18 @@ RUN poetry build
 
 FROM python:3.10 AS deployment
 LABEL maintainer="foss@spectric.com"
+RUN useradd -d /home/datashader datashader && \
+    mkdir -p /home/datashader /opt/elastic_datashader/tms-cache && \
+    chown -R datashader:datashader /home/datashader /opt/elastic_datashader
 
-ENV PIP_ROOT_USER_ACTION=ignore
-
-COPY --from=builder /build/dist/*.whl /opt/elastic_datashader/
-RUN mkdir -p /opt/elastic_datashader/tms-cache && \
-    pip install --upgrade pip && \
-    pip install --no-cache-dir /opt/elastic_datashader/*.whl && \
+USER datashader
+RUN mkdir /home/datashader/tmp
+COPY --from=builder /build/dist/*.whl /home/datashader/tmp/
+RUN pip install --upgrade pip && \
+    pip install --no-cache-dir /home/datashader/*.whl && \
     pip install uvicorn
 
-COPY deployment/logging_config.yml /opt/elastic_datashader
+COPY deployment/logging_config.yml /opt/elastic_datashader/
 
 VOLUME ["/opt/elastic_datashader/tms-cache"]
 ENV DATASHADER_CACHE_DIRECTORY=/opt/elastic_datashader/tms-cache

From 622b47cb848f8a6983bfef0c522d1b7aa31eeea1 Mon Sep 17 00:00:00 2001
From: Bill Allen <ballen@spectric.com>
Date: Tue, 18 Apr 2023 09:41:45 -0400
Subject: [PATCH 2/2] Corrected wheel install path.

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 4c0c284..3080a14 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,7 +21,7 @@ USER datashader
 RUN mkdir /home/datashader/tmp
 COPY --from=builder /build/dist/*.whl /home/datashader/tmp/
 RUN pip install --upgrade pip && \
-    pip install --no-cache-dir /home/datashader/*.whl && \
+    pip install --no-cache-dir /home/datashader/tmp/*.whl && \
     pip install uvicorn
 
 COPY deployment/logging_config.yml /opt/elastic_datashader/