Simplified package installation order for clarity and added environment variables for NVM configuration to improve shell initialization.
		
			
				
	
	
		
		
	
	
	
	
	
# Base image: Debian 12, referenced by tag.
# NOTE(review): a tag can move between builds; pinning by digest would make
# rebuilds reproducible. Confirm against the project's update policy.
FROM debian:12

# Image metadata
LABEL maintainer="guillaume@van-hemmen.com"

# Build-time parameters
# ARG_TZ: zone name under /usr/share/zoneinfo, used for /etc/localtime and /etc/timezone
ARG ARG_TZ=Europe/Paris
# ARG_NODE_MAJOR: Node.js major version handed to nvm
ARG ARG_NODE_MAJOR=22
# GITIGNORE_URL: ignore template downloaded at build time into /home/coder/.gitignore
ARG GITIGNORE_URL="https://www.toptal.com/developers/gitignore/api/linux,jetbrains+all,visualstudio,visualstudiocode"
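# System timezone: point /etc/localtime at the zoneinfo entry named by ARG_TZ
# and record the zone name in /etc/timezone.
# The expansions are quoted so a build-arg value containing spaces or glob
# characters is not word-split by the shell. ln -s does not check that its
# target exists, so an unknown zone name leaves a dangling link.
RUN ln -snf "/usr/share/zoneinfo/${ARG_TZ}" /etc/localtime && \
    echo "${ARG_TZ}" > /etc/timezone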
# Base tooling, installed in a single layer: refresh the package index, apply
# pending upgrades, install the packages (listed alphabetically), then delete
# the apt lists so they do not end up in the image.
RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y \
        build-essential \
        ca-certificates \
        curl \
        git \
        gnupg2 \
        jq \
        nano \
        procps \
        python3 \
        sudo \
        unzip \
        wget \
 && rm -rf /var/lib/apt/lists/*
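# Create the non-root user 'coder' (home directory, bash login shell, sudo group)
# and give it passwordless sudo through a drop-in file.
# NOPASSWD: ALL means any process running as coder can become root without a
# credential, so the later USER coder is a default identity, not a privilege
# boundary. Narrow the rule to specific commands if the image does not need
# full root.
# The drop-in is written with '>' (no stale content can survive), set to the
# 0440 mode sudo expects for sudoers files, and syntax-checked so a malformed
# rule fails the build instead of breaking sudo at run time.
RUN useradd -m -s /bin/bash -G sudo coder && \
    echo "coder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/coder && \
    chmod 0440 /etc/sudoers.d/coder && \
    visudo -cf /etc/sudoers.d/coder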
# Prompt and workspace directory.
# Writes a one-line .bashrc (replacing any existing file) that sets a coloured
# prompt, creates /workspaces, and hands both to coder. This still runs as
# root, hence the explicit chown calls.
RUN echo "PS1='🐳 \[\033[1;36m\] \[\033[1;34m\]\W\[\033[0;35m\] \[\033[1;36m\]# \[\033[0m\]'" > /home/coder/.bashrc && \
    chown coder:coder /home/coder/.bashrc && \
    mkdir -p /workspaces && \
    chown -R coder:coder /workspaces
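# Vulnerability scan of the image filesystem with Trivy.
# --exit-code 0 makes the scan report-only: findings are printed but never
# fail the build (chosen because known Debian vulnerabilities would otherwise
# always fail it). Treat the build log as the only record of the results.
# NOTE(review): the installer is fetched from the mutable 'main' branch and
# executed as root; pin the URL to a release tag or commit and verify the
# download before running it.
# NOTE(review): the scan runs before Node.js, the global npm packages and the
# Firebase CLI are installed, so those components are not covered by it.
# The binary is removed in the same layer, together with /root/.cache/trivy
# (Trivy's default cache directory for root; confirm), so neither the scanner
# nor its downloaded database stays in the image.
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
       && trivy filesystem --exit-code 0 --no-progress / \
       && rm -rf /usr/local/bin/trivy /root/.cache/trivy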
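# Switch to non-root user; every instruction below runs as coder.
USER coder

# Configure bash environment.
# BASH_ENV names a file that non-interactive bash sources on start-up; .bashrc
# sources the same file so interactive shells get an identical environment.
# The file is created by coder and therefore writable by coder: anything
# appended to it runs in each new shell.
# ENV uses the key=value form; the space-separated form is the legacy syntax.
ENV BASH_ENV=/home/coder/.bash_env
RUN touch "${BASH_ENV}" && \
    echo '. "${BASH_ENV}"' >> ~/.bashrc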
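# Global gitignore, downloaded at build time from GITIGNORE_URL.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# ignore file; -S keeps the error message visible despite -s. The URL is quoted
# so the shell passes it to curl as a single argument.
# The content is remote and unpinned, so it can change between builds.
RUN curl -fsSL "${GITIGNORE_URL}" -o /home/coder/.gitignore && \
    git config --global core.excludesfile /home/coder/.gitignore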
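# Install Node.js using NVM.
# The installer is taken from the v0.40.3 tag and run with PROFILE set to the
# BASH_ENV file, which is then sourced so 'nvm' is defined for the rest of
# this RUN.
# -f stops an HTTP error page from being piped into bash; -S keeps the curl
# error visible. The expansions are quoted to avoid word splitting.
# NOTE(review): the script is executed without an integrity check, and yarn and
# patch-package are installed at whatever version is current at build time;
# pin versions if reproducible builds matter.
RUN curl -fsSL -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | PROFILE="${BASH_ENV}" bash && \
    . "${BASH_ENV}" && \
    nvm install "${ARG_NODE_MAJOR}" && \
    nvm alias default "${ARG_NODE_MAJOR}" && \
    nvm use "${ARG_NODE_MAJOR}" && \
    npm i -g yarn patch-package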
# NVM environment for later shells.
# Exposes NVM_DIR to the image environment and appends the nvm loader lines to
# /home/coder/.bash_env so new shells pick up nvm and its completion.
# NOTE(review): the nvm installer earlier in this file was run with PROFILE
# pointing at the same file and may already have appended equivalent lines;
# confirm whether these are duplicates.
ENV NVM_DIR=/home/coder/.nvm
RUN printf '%s\n' \
        'export NVM_DIR="$HOME/.nvm"' \
        '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' \
        '[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"' \
        >> /home/coder/.bash_env
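# Install Firebase CLI.
# The URL carries an explicit https:// scheme: given a bare host name, curl
# makes its first request over plain HTTP and only reaches TLS via redirect,
# which leaves the script that is piped into bash open to tampering in transit.
# -f stops an HTTP error page from being executed; -S keeps the error visible.
# NOTE(review): the installer is unpinned and unverified; prefer a pinned
# release with a checksum if one is available.
RUN curl -fsSL https://firebase.tools | bash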