Dockerfile: set vscode user in both tsffs dev and prod images

Wenzel · Wenzel · commit 4175d683ade9 · 2025-09-29T15:31:23.000-07:00
diff --git a/Dockerfile b/Dockerfile
@@ -2,16 +2,18 @@
 # SPDX-License-Identifier: Apache-2.0
 # hadolint global ignore=DL3041,DL3040
 
-FROM fedora:42@sha256:f357623dc40edf7803f21b2b954f92417f274a7370f82384ef13c73e08ce1727 AS tsffs-base
+FROM fedora:42@sha256:f357623dc40edf7803f21b2b954f92417f274a7370f82384ef13c73e08ce1727 AS tsffs-dev
 
 # Download links can be obtained from:
 # https://lemcenter.intel.com/productDownload/?Product=256660e5-a404-4390-b436-f64324d94959
 ARG PUBLIC_SIMICS_PKGS_URL="https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/simics-6-packages-2024-05-linux64.ispm"
 ARG PUBLIC_SIMICS_ISPM_URL="https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/intel-simics-package-manager-1.8.3-linux64.tar.gz"
 ARG PUBLIC_SIMICS_PACKAGE_VERSION_1000="6.0.185"
+ARG USER_UID=1000
+ARG USERNAME=vscode
 ENV SIMICS_BASE="/workspace/simics/simics-${PUBLIC_SIMICS_PACKAGE_VERSION_1000}/"
 # Add cargo and ispm to the path
-ENV PATH="/root/.cargo/bin:/workspace/simics/ispm:${PATH}"
+ENV PATH="/home/${USERNAME}/.cargo/bin:/workspace/simics/ispm:${PATH}"
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -76,9 +78,6 @@ python3 -m pip install --no-cache-dir \
     mypy==1.6.1 \
     pylint==3.0.2
 
-# Install Rust
-curl https://sh.rustup.rs -sSf | bash -s -- --default-toolchain none -y
-
 # Clean up package manager cache
 dnf clean all
 rm -rf /var/cache/dnf/* /tmp/* /var/tmp/*
@@ -87,14 +86,36 @@ EOF
 
 WORKDIR /workspace
 
+# create user
+RUN <<EOF
+set -e
+# create group for developers
+groupadd dev
+# Create group and user with a home at /home/vscode
+useradd \
+      --create-home    \
+      --uid $USER_UID \
+      --user-group     \
+      --groups dev \
+      --shell /bin/bash \
+      $USERNAME
+echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME
+
+# Install Rust
+sudo -E -u $USERNAME bash -c 'curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain none'
+EOF
+
+USER vscode
+
 # Download and install public SIMICS. This installs all the public packages as well as the
 # ispm SIMICS package and project manager. ISPM will be on the path due to the ENV command
 # above
 # hadolint ignore=DL3004,SC3009
 RUN <<EOF
 set -e
 # Create directories
-mkdir -p /workspace/simics/ispm/
+sudo -E -u $USERNAME mkdir -p /workspace/simics/ispm/
+sudo -E -u $USERNAME chown -R vscode:dev /workspace/
 
 # Download SIMICS components
 curl -L -o /workspace/simics/ispm.tar.gz "${PUBLIC_SIMICS_ISPM_URL}"
@@ -114,7 +135,7 @@ rm -rf /tmp/* /var/tmp/*
 EOF
 
 # Copy the local repository into the workspace
-COPY . /workspace/tsffs/
+COPY --chown=vscode:dev . /workspace/tsffs/
 
 WORKDIR /workspace/tsffs/
 
@@ -168,42 +189,7 @@ cp /workspace/tsffs/harness/tsffs.h /workspace/projects/example/
 ninja
 EOF
 
-RUN echo 'echo "To run the demo, run ./simics -no-gui --no-win fuzz.simics"' >> /root/.bashrc
-
-FROM tsffs-base AS tsffs-dev
-ARG USER_UID=1000
-ARG USERNAME=vscode
-
-# To build and run the dev image:
-#   docker build --build-arg USER_UID=$(id -u) --target tsffs-dev -t tsffs:dev .
-#   docker run --rm -ti --user vscode -v .:/workspace/tsffs tsffs:dev
-
-# hadolint ignore=DL3004,SC3009
-RUN <<EOF
-set -e
-# create group for developers
-groupadd dev
-# Create group and user with a home at /home/vscode
-useradd \
-      --create-home    \
-      --uid $USER_UID \
-      --user-group     \
-      --groups dev \
-      --shell /bin/bash \
-      $USERNAME        \
- && echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME
-
-# set /workspace/simics permissions to vscode:dev
-chown -R vscode:dev /workspace/{simics,projects,tsffs}
-
-# install Rust nightly for the user
-sudo -E -u $USERNAME bash -c 'curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain none'
-
-# copy Simics ISPM config
-mkdir -p /home/$USERNAME/.config
-cp -r "/root/.config/Intel Simics Package Manager/" "/home/$USERNAME/.config/"
-chown -R $USERNAME:$USERNAME "/home/$USERNAME/.config/"
-EOF
+RUN echo 'echo "To run the demo, run ./simics -no-gui --no-win fuzz.simics"' >> ~/.bashrc
 
 WORKDIR /workspace/tsffs
 
@@ -233,8 +219,8 @@ dnf clean all
 rm -rf /var/cache/dnf/* /tmp/* /var/tmp/*
 EOF
 
-COPY --from=tsffs-base /workspace/projects /workspace/projects
-COPY --from=tsffs-base /workspace/simics /workspace/simics
-COPY --from=tsffs-base /root/.bashrc /root/.bashrc
+COPY --from=tsffs-dev /workspace/projects /workspace/projects
+COPY --from=tsffs-dev /workspace/simics /workspace/simics
+COPY --from=tsffs-dev /root/.bashrc /root/.bashrc
 
 WORKDIR /workspace/projects/example
