Merge branch 'pr-fix-failures-on-non-root' into prp-fix-failures-on-non-root

Author: monaka

dockerfiles/remote-plugin-dotnet-2.2.105/Dockerfile

@@ -54,7 +54,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 
     # Install typescript@2.9.2 and node-gyp
 
-    &&  yarn global add typescript@2.9.2 node-gyp
+    &&  yarn global add typescript@2.9.2 node-gyp \
+    &&  node-gyp install
 
 ENV HOME=/home/theia
 COPY --from=endpoint /home/theia /home/theia

dockerfiles/theia-dev/Dockerfile

@@ -13,6 +13,15 @@
 #
 FROM node:10.15-alpine
 
+# Add npm global bin directory to the path
+ENV HOME=/home/theia-dev \
+    PATH=/home/theia-dev/.npm-global/bin:${PATH} \
+    # Specify the directory of git (avoid to search at init of Theia)
+    USE_LOCAL_GIT=true \
+    LOCAL_GIT_DIRECTORY=/usr \
+    GIT_EXEC_PATH=/usr/libexec/git-core \
+    THEIA_ELECTRON_SKIP_REPLACE_FFMPEG=true
+
 RUN apk add --update --no-cache \
     # Download some files
     curl \
@@ -26,17 +35,15 @@ RUN apk add --update --no-cache \
     less \
     # bash shell
     bash \
+    # give root privilege
+    sudo \
+    # for useradd command
+    shadow \
     # some lib to compile 'native-keymap' npm mpdule
-    libx11-dev libxkbfile-dev
-
-# Add npm global bin directory to the path
-ENV HOME=/home/theia-dev \
-    PATH=/home/theia-dev/.npm-global/bin:${PATH} \
-    # Specify the directory of git (avoid to search at init of Theia)
-    USE_LOCAL_GIT=true \
-    LOCAL_GIT_DIRECTORY=/usr \
-    GIT_EXEC_PATH=/usr/libexec/git-core \
-    THEIA_ELECTRON_SKIP_REPLACE_FFMPEG=true
+    libx11-dev libxkbfile-dev && \
+    useradd -u 1001 -U -G root -d ${HOME} -s /bin/bash theia-dev && \
+    apk del --no-cache shadow && \
+    echo "%root ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 
 # Define package of the theia generator to use
 ARG THEIA_GENERATOR_PACKAGE=@eclipse-che/theia-generator@0.0.1-1559634039
@@ -49,25 +56,25 @@ EXPOSE 3000 3030
 # Configure npm and yarn to use home folder for global dependencies
 RUN npm config set prefix "${HOME}/.npm-global" && \
     echo "--global-folder \"${HOME}/.yarn-global\"" > ${HOME}/.yarnrc && \
+    # Setup node-gyp. Yarn will be failed unless installing required files here.
+    yarn global add node-gyp && node-gyp install && \
     # add eclipse che theia generator
     yarn global add yo @theia/generator-plugin@0.0.1-1540209403 ${THEIA_GENERATOR_PACKAGE} && \
     # Generate .passwd.template \
-    cat /etc/passwd | \
-    sed s#root:x.*#theia-dev:x:\${USER_ID}:\${GROUP_ID}::${HOME}:/bin/bash#g \
-    > ${HOME}/.passwd.template && \
-    # Generate .group.template \
-    cat /etc/group | \
-    sed s#root:x:0:#root:x:0:0,\${USER_ID}:#g \
-    > ${HOME}/.group.template && \
+    sed -e "s#^theia-dev:x.*#theia-dev:x:\${USER_ID}:\${GROUP_ID}::${HOME}:/bin/bash#g" \
+        /etc/passwd > ${HOME}/.passwd.template && \
+    sed -e 's#^theia-dev:.*#theia-dev:x:${GROUP_ID}:#g' \
+        /etc/group > ${HOME}/.group.template && \
     mkdir /projects && \
     # Define default prompt
     echo "export PS1='\[\033[01;33m\](\u@container)\[\033[01;36m\] (\w) \$ \[\033[00m\]'" > ${HOME}/.bashrc  && \
     # Disable the statistics for yeoman
     mkdir -p ${HOME}/.config/insight-nodejs/ && \
     echo '{"optOut": true}' > ${HOME}/.config/insight-nodejs/insight-yo.json && \
     # Change permissions to let any arbitrary user
-    for f in "${HOME}" "/etc/passwd" "/etc/group" "/projects"; do \
-        echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \
+    for f in "${HOME}" /projects /etc/passwd /etc/group; do \
+        echo "Changing permissions on ${f}" && \
+        chgrp -R 0 ${f} && \
         chmod -R g+rwX ${f}; \
     done
 

dockerfiles/theia-dev/e2e/Dockerfile

@@ -11,7 +11,7 @@ FROM ${BUILD_ORGANIZATION}/${BUILD_PREFIX}-theia-dev:${BUILD_TAG}
 # define in env variable GITHUB_TOKEN
 ARG GITHUB_TOKEN
 
-# Just try to build the latest theia with current image
-RUN git clone -b 'master' --single-branch --depth 1 https://github.com/theia-ide/theia theia
-RUN cd theia && yarn
+ADD src/test-entrypoint.sh /test-entrypoint.sh
+
+CMD ["/test-entrypoint.sh"]
 

dockerfiles/theia-dev/e2e/build.sh

@@ -11,3 +11,6 @@ base_dir=$(cd "$(dirname "$0")"; pwd)
 
 init --name:theia-builder-e2e "$@"
 build
+if ! skip_tests; then
+  bash "${base_dir}"/test.sh "$@"
+fi

dockerfiles/theia-dev/e2e/src/test-entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+. /entrypoint.sh
+
+cd /projects
+
+# Just try to build the latest theia with current image
+git clone -b 'master' --single-branch --depth 1 https://github.com/theia-ide/theia theia
+cd theia && yarn

dockerfiles/theia-dev/e2e/test.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+# Copyright (c) 2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+
+base_dir=$(cd "$(dirname "$0")"; pwd)
+. "${base_dir}/../../build.include"
+
+init --name:theia-builder-e2e "$@"
+
+DOCKER_RUN_OPTIONS=""
+# run bats with terminal mode (pretty print) if supported by current shell
+if [ -t 1 ]; then
+  DOCKER_RUN_OPTIONS="-t"
+fi
+
+# Runs E2E tests in a docker container.
+run_test_in_docker_container() {
+  docker_exec run --rm ${DOCKER_RUN_OPTIONS} \
+        --user $1 --group-add 0 \
+           $IMAGE_NAME
+}
+
+run_test_in_docker_container 0:0
+run_test_in_docker_container 1234:5678

dockerfiles/theia-dev/src/entrypoint.sh

@@ -17,13 +17,24 @@ if ! grep -Fq "${USER_ID}" /etc/passwd; then
     # current user is an arbitrary
     # user (its uid is not in the
     # container /etc/passwd). Let's fix that
-    cat ${HOME}/.passwd.template | \
-    sed "s/\${USER_ID}/${USER_ID}/g" | \
-    sed "s/\${GROUP_ID}/${GROUP_ID}/g" > /etc/passwd
+    sed \
+	-e "s/\${USER_ID}/${USER_ID}/g" \
+        -e "s/\${GROUP_ID}/${GROUP_ID}/g" \
+        -e "s/\${HOME}/\/home\/theia/g" \
+        ${HOME}/.passwd.template > /etc/passwd
+    sed \
+        -e "s/\${GROUP_ID}/${GROUP_ID}/g" \
+        ${HOME}/.group.template > /etc/group
 
-    cat ${HOME}/.group.template | \
-    sed "s/\${USER_ID}/${USER_ID}/g" | \
-    sed "s/\${GROUP_ID}/${GROUP_ID}/g" > /etc/group
+    # now the user `theia-dev` (that have uid:gid == $USER_ID,$GROUPID) can use `sudo`.
+fi
+
+# Grant access to projects volume in case of non root user with sudo rights
+if [ "$USER_ID" -ne 0 ] && command -v sudo >/dev/null 2>&1 && sudo -n true > /dev/null 2>&1; then
+    sudo chmod 644 /etc/passwd /etc/group
+    sudo chown root:root /etc/passwd /etc/group
+
+    sudo chown ${USER_ID}:${GROUP_ID} /projects ${HOME}
 fi
 
 exec "$@"

dockerfiles/theia-endpoint-runtime/Dockerfile

@@ -56,13 +56,17 @@ COPY --from=builder /home/workspace/node_modules /home/theia/node_modules
 RUN rm -rf /home/theia/node_modules/@eclipse-che/theia-plugin-ext /home/theia/node_modules/@eclipse-che/theia-remote
 COPY --from=builder /home/workspace/packages/theia-plugin-ext /home/theia/node_modules/@eclipse-che/theia-plugin-ext
 COPY --from=builder /home/workspace/packages/theia-remote/lib /home/theia/lib
+COPY --from=builder /.passwd.template /.passwd.template
+COPY --from=builder /.group.template /.group.template
+COPY --from=builder /etc/sudoers /etc/sudoers
+
 RUN mkdir /projects \
     # Store passwd/group as template files
-    && cat /etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/sh#g > ${HOME}/passwd.template \
-    && cat /etc/group | sed s#root:x:0:#root:x:0:0,\${USER_ID}:#g > ${HOME}/group.template \
     # Change permissions to let any arbitrary user
-    && for f in "${HOME}" "/etc/passwd" "/etc/group" "/projects"; do \
-        echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \
+    && sed -i -e 's/theia-dev/theia/g' /.passwd.template /.group.template
+    && for f in "${HOME}" /etc/passwd /etc/group /projects; do \
+        echo "Changing permissions on ${f}" && \
+        chgrp -R 0 ${f} && \
         chmod -R g+rwX ${f}; \
     done
 ADD etc/entrypoint.sh /entrypoint.sh

dockerfiles/theia-endpoint-runtime/etc/entrypoint.sh

@@ -18,20 +18,23 @@ if ! grep -Fq "${USER_ID}" /etc/passwd; then
     # current user is an arbitrary
     # user (its uid is not in the
     # container /etc/passwd). Let's fix that
-    cat ${HOME}/passwd.template | \
-    sed "s/\${USER_ID}/${USER_ID}/g" | \
-    sed "s/\${GROUP_ID}/${GROUP_ID}/g" | \
-    sed "s/\${HOME}/\/home\/theia/g" > /etc/passwd
+    sed -e "s/\${USER_ID}/${USER_ID}/g" \
+        -e "s/\${GROUP_ID}/${GROUP_ID}/g" \
+        -e "s/\${HOME}/\/home\/theia/g" \
+        /.passwd.template > /etc/passwd
 
-    cat ${HOME}/group.template | \
-    sed "s/\${USER_ID}/${USER_ID}/g" | \
-    sed "s/\${GROUP_ID}/${GROUP_ID}/g" | \
-    sed "s/\${HOME}/\/home\/theia/g" > /etc/group
+    sed -e "s/\${USER_ID}/${USER_ID}/g" \
+        -e "s/\${GROUP_ID}/${GROUP_ID}/g" \
+        -e "s/\${HOME}/\/home\/theia/g"
+        /.group.template > /etc/group
 fi
 
 # Grant access to projects volume in case of non root user with sudo rights
 if [ "$(id -u)" -ne 0 ] && command -v sudo >/dev/null 2>&1 && sudo -n true > /dev/null 2>&1; then
-    sudo chown ${USER_ID}:${GROUP_ID} /projects
+    sudo chmod 644 /etc/passwd /etc/group
+    sudo chown root:root /etc/passwd /etc/group
+
+    sudo chown ${USER_ID}:${GROUP_ID} /projects "${HOME}"
 fi
 
 # SITTERM / SIGINT

dockerfiles/theia/Dockerfile

@@ -72,7 +72,7 @@ RUN che:theia init -c ${HOME}/che-theia-init-sources.yml
 RUN che:theia cdn --theia="${CDN_PREFIX}" --monaco="${MONACO_CDN_PREFIX}"
 
 # Compile Theia
-RUN yarn
+RUN yarn global add node-gyp && node-gyp install && yarn
 
 # Run into production mode
 RUN che:theia production
@@ -112,25 +112,22 @@ COPY --from=builder /home/theia-dev/theia-source-code/production/plugins /defaul
 # Install curl and bash
 # Install ssh for cloning ssh-repositories
 # Install less for handling git diff properly
-RUN apk add --update --no-cache sudo git bzip2 which bash curl openssh openssh-keygen less
-RUN adduser -D -S -u 1001 -G root -h ${HOME} -s /bin/sh theia \
-    && echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
-    # Create /projects for Che
-    && mkdir /projects \
-    # Create root node_modules in order to not use node_modules in each project folder
-    && mkdir /node_modules \
+RUN apk add --update --no-cache sudo git bzip2 which bash curl openssh openssh-keygen less shadow \
+    && useradd -u 1001 -U -G root -d ${HOME} -s /bin/bash theia-dev \
+    && apk del --no-cache shadow \
+    && echo "%root ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+RUN mkdir /projects /node_modules \
     # Download yeoman generator plug-in
     && curl -L -o /default-theia-plugins/theia_yeoman_plugin.theia https://github.com/eclipse/theia-yeoman-plugin/releases/download/untagged-04f28ee329e479cc465b/theia_yeoman_plugin.theia \
-    && for f in "${HOME}" "/etc/passwd" "/etc/group /node_modules /default-theia-plugins /projects"; do\
-           sudo chgrp -R 0 ${f} && \
-           sudo chmod -R g+rwX ${f}; \
-       done \
-    && cat /etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/bash#g > ${HOME}/passwd.template \
-    && cat /etc/group | sed s#root:x:0:#root:x:0:0,\${USER_ID}:#g > ${HOME}/group.template \
+    # For non-root instances. File permissions will be fixed in `entrypoint.sh`.
+    && sed -e 's#theia:x.*#theia:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/bash#g' \
+           /etc/passwd > ${HOME}/.passwd.template \
+    && sed -e 's#^theia:.*#theia:x:${GROUP_ID}:#g' \
+           /etc/group > ${HOME}/.group.template \
     # Add yeoman, theia plugin generator and typescript (to have tsc/typescript working)
     && yarn global add yo @theia/generator-plugin@0.0.1-1540209403 typescript@2.9.2 \
     && mkdir -p ${HOME}/.config/insight-nodejs/ \
-    && chmod -R 777 ${HOME}/.config/ \
     # Disable the statistics for yeoman
     && echo '{"optOut": true}' > $HOME/.config/insight-nodejs/insight-yo.json \
     # Link yarn global modules for yeoman
@@ -140,9 +137,13 @@ RUN adduser -D -S -u 1001 -G root -h ${HOME} -s /bin/sh theia \
     # Cleanup yarn cache
     && yarn cache clean \
     # Change permissions to allow editing of files for openshift user
-    && find ${HOME} -exec sh -c "chgrp 0 {}; chmod g+rwX {}" \;
+    && for f in "${HOME}" /etc/passwd /etc/group /node_modules /default-theia-plugins /projects; do\
+           sudo chgrp -R 0 ${f} && \
+           sudo chmod -R g+rwX ${f}; \
+       done
 
 COPY --chown=theia:root --from=builder /home/theia-dev/theia-source-code/production /home/theia
+
 USER theia
 WORKDIR /projects
 ADD src/entrypoint.sh /entrypoint.sh

dockerfiles/theia/e2e/Dockerfile

@@ -10,22 +10,23 @@ FROM ${BUILD_ORGANIZATION}/${BUILD_PARENT_IMAGE}:${BUILD_TAG} as theia
 FROM cypress/browsers:chrome67
 
 USER root
-ENV HOME=/root
 ENV NOCDN=true
 
 RUN printf "deb http://archive.debian.org/debian/ jessie main\ndeb-src http://archive.debian.org/debian/ jessie main\ndeb http://security.debian.org jessie/updates main\ndeb-src http://security.debian.org jessie/updates main" > /etc/apt/sources.list
 RUN apt-get update && \
     apt-get install -y libx11-dev libxkbfile-dev sudo iproute2
-CMD /root/docker-run.sh
-RUN yarn global add typescript@2.9.2 node-gyp
+RUN yarn global add typescript@2.9.2 node-gyp && node-gyp install
 
 # Add cypress scripts and grab dependencies
-COPY src /root/
-RUN cd /root && yarn
+COPY src /projects/
+RUN cd /projects && yarn
 
 # Add tests
-ADD cypress /root/cypress/
+ADD cypress /projects/cypress/
 
 COPY --from=theia /home/theia /home/theia
 COPY --from=theia /entrypoint.sh /entrypoint.sh
 RUN find /home/theia/ -name "binding.gyp" |  xargs -i sh -c 'cd $(dirname {}) && node-gyp rebuild'
+
+USER theia
+CMD /projects/docker-run.sh

dockerfiles/theia/e2e/src/docker-run.sh

@@ -10,12 +10,12 @@
 : "${WAIT_COUNT:=30}"
 
 echo "Starting Theia..."
-rm -rf /root/logs/*
-HOME=/home/theia /entrypoint.sh > /root/logs/theia.log 2>/root/logs/theia-error.log&
+rm -rf /projects/logs/*
+HOME=/home/theia /entrypoint.sh > /projects/logs/theia.log 2>/projects/logs/theia-error.log&
 
 echo "Cleaning videos folder..."
 # Cleanup previous videos
-rm -rf /root/cypress/videos/*
+rm -rf /projects/cypress/videos/*
 
 # Find TCP 0.0.0.0:3100 that will be opened by Theia.
 sleep 5s
@@ -35,4 +35,4 @@ fi
 
 # Run tests
 echo "Run the tests"
-cd /root && unset LD_LIBRARY_PATH && /root/node_modules/.bin/cypress run -c trashAssetsBeforeRuns=false  --browser chrome
+cd /projects && unset LD_LIBRARY_PATH && /projects/node_modules/.bin/cypress run -c trashAssetsBeforeRuns=false  --browser chrome

dockerfiles/theia/e2e/test.sh

@@ -19,11 +19,14 @@ fi
 
 # Runs E2E tests in a docker container.
 run_test_in_docker_container() {
+  mkdir -p ${base_dir}/$1
   docker_exec run --rm ${DOCKER_RUN_OPTIONS} \
-       -v "${base_dir}/videos":/root/cypress/videos \
-       -v "${base_dir}/logs":/root/logs \
+       --user $1 \
+       -v "${base_dir}/$1/videos":/projects/cypress/videos \
+       -v "${base_dir}/$1/logs":/projects/logs \
        -v /var/run/docker.sock:/var/run/docker.sock \
            $IMAGE_NAME
 }
 
-run_test_in_docker_container
+run_test_in_docker_container '0:0'
+run_test_in_docker_container '1234:5678'