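# Development container image: Debian 12 with build tools, a passwordless-sudo
# 'coder' user, Node.js (installed through nvm), yarn, patch-package and the
# Firebase CLI.
# NOTE(review): debian:12 is a mutable tag; pin it by digest
# (debian:12@sha256:<DIGEST>) if builds must be reproducible.
FROM debian:12

# Metadata
LABEL maintainer="guillaume@van-hemmen.com"

# Build arguments
ARG ARG_TZ="Europe/Paris"
ARG ARG_NODE_MAJOR=22

# System configuration and timezone setup
RUN ln -snf "/usr/share/zoneinfo/${ARG_TZ}" /etc/localtime && \
    echo "${ARG_TZ}" > /etc/timezone

# Install system packages in a single RUN to reduce layers.
# Development tools: build-essential, git, python3; the rest are system utilities.
# The apt lists are removed in the same layer so they never reach the image.
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y \
        build-essential \
        ca-certificates \
        curl \
        git \
        gnupg2 \
        jq \
        nano \
        procps \
        python3 \
        sudo \
        unzip \
        wget && \
    rm -rf /var/lib/apt/lists/*

# User setup: create the non-root user 'coder' with sudo privileges.
# NOTE(review): NOPASSWD: ALL makes every process running as 'coder' equivalent
# to root inside the container, so USER coder is not a privilege boundary here.
# Narrow the rule to the commands that need it if the image is used outside a
# disposable development environment.
# The drop-in is written with mode 0440 and syntax-checked so that a malformed
# rule fails the build instead of producing a broken sudo configuration.
RUN useradd -m -s /bin/bash -G sudo coder && \
    echo "coder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/coder && \
    chmod 0440 /etc/sudoers.d/coder && \
    visudo -cf /etc/sudoers.d/coder

# Configure shell environment.
# This step still runs under the default /bin/sh: echo's handling of backslash
# sequences differs between shells, so it stays ahead of the SHELL switch below.
RUN echo "PS1='🐳 \[\033[1;36m\] \[\033[1;34m\]\W\[\033[0;35m\] \[\033[1;36m\]# \[\033[0m\]'" > /home/coder/.bashrc && \
    mkdir -p /workspaces && \
    chown coder:coder /home/coder/.bashrc && \
    chown -R coder:coder /workspaces

# From here on RUN uses bash with pipefail, so a failed download on the left
# side of a `curl | sh` pipeline fails the build instead of being hidden by the
# exit status of the shell on the right side.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Informational Trivy filesystem scan. --exit-code 0 means findings never fail
# the build (Debian's known vulnerabilities would otherwise always block it),
# so the scan output has to be read in the build log.
# NOTE(review): the installer is fetched from the mutable 'main' branch and run
# as root; pin it to a release tag or commit and verify it before executing.
# NOTE(review): the scan runs before Node.js, the global npm packages and the
# Firebase CLI are installed, so none of those are covered by it.
# The binary and its downloaded database cache are removed in the same layer.
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin && \
    trivy filesystem --exit-code 0 --no-progress / && \
    rm -rf /usr/local/bin/trivy /root/.cache/trivy

# Switch to non-root user
USER coder

# Configure bash environment: BASH_ENV is sourced by non-interactive bash, and
# ~/.bashrc sources the same file for interactive shells.
ENV BASH_ENV=/home/coder/.bash_env
RUN touch "${BASH_ENV}" && \
    echo '. "${BASH_ENV}"' >> ~/.bashrc

# Install Node.js using NVM (installer pinned to the v0.40.3 tag).
# -f makes curl fail on an HTTP error instead of piping an error page to bash;
# --proto '=https' refuses any non-HTTPS hop, including redirects.
# NOTE(review): yarn and patch-package are installed unpinned; pin versions if
# the image must be reproducible.
RUN curl -fsSL --proto '=https' --tlsv1.2 https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | PROFILE="${BASH_ENV}" bash && \
    . "${BASH_ENV}" && \
    nvm install "${ARG_NODE_MAJOR}" && \
    nvm alias default "${ARG_NODE_MAJOR}" && \
    nvm use "${ARG_NODE_MAJOR}" && \
    npm i -g yarn patch-package

# Install Firebase CLI.
# The URL previously had no scheme, so curl made its first request over plain
# HTTP and followed whatever redirect came back before piping the result to
# bash. The request is now HTTPS-only from the first hop.
# NOTE(review): the installer is still unversioned and unverified; prefer a
# pinned release with a checksum where one is available.
RUN curl -fsSL --proto '=https' --tlsv1.2 https://firebase.tools | bash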