Run quality checks as root when running in drone

Since drone clones the git repository as root, there would be no local
write permission for the quality check process if it ran as a non-root
user.

auth/Dockerfile-quality

@@ -19,10 +19,11 @@
 
 # The order of commands here is optimized for caching.
 
-FROM bitnami/python:3.7
+# =============================================================================
+# Install dependencies needed to run quality checks
+# =============================================================================
 
-ARG user_id=1000
-ARG group_id=1000
+FROM bitnami/python:3.7 AS dependencies
 
 WORKDIR /root
 
@@ -43,8 +44,21 @@ RUN install_packages \
 COPY Pipfile Pipfile.lock ./
 RUN pipenv install --system --deploy --dev
 
+# =============================================================================
 # Switch to non-root user
+# =============================================================================
+
+FROM dependencies AS non-root
+
+ARG user_id
+ARG group_id
+
+# Create new user and, if needed, new group
 RUN grep --quiet ":$group_id:" /etc/group || addgroup --gid $group_id fsfe
 RUN adduser --uid $user_id --gid $group_id --shell "/sbin/nologin" --gecos "FSFE" --disabled-password fsfe
+
+# Switch to newly created user
 USER fsfe
+
+# Change to the directory where we'll mount the project source code
 WORKDIR /home/fsfe/src

back/Dockerfile-quality

@@ -18,10 +18,11 @@
 
 # The order of commands here is optimized for caching.
 
-FROM bitnami/python:3.7
+# =============================================================================
+# Install dependencies needed to run quality checks
+# =============================================================================
 
-ARG user_id=1000
-ARG group_id=1000
+FROM bitnami/python:3.7 AS dependencies
 
 WORKDIR /root
 
@@ -41,8 +42,21 @@ RUN install_packages \
 COPY Pipfile Pipfile.lock ./
 RUN pipenv install --system --deploy --dev
 
+# =============================================================================
 # Switch to non-root user
+# =============================================================================
+
+FROM dependencies AS non-root
+
+ARG user_id
+ARG group_id
+
+# Create new user and, if needed, new group
 RUN grep --quiet ":$group_id:" /etc/group || addgroup --gid $group_id fsfe
 RUN adduser --uid $user_id --gid $group_id --shell "/sbin/nologin" --gecos "FSFE" --disabled-password fsfe
+
+# Switch to newly created user
 USER fsfe
+
+# Change to the directory where we'll mount the project source code
 WORKDIR /home/fsfe/src

docker-compose.development.yml

@@ -99,6 +99,7 @@ services:
     build:
       context: back
       dockerfile: Dockerfile-quality
+      target: non-root
       args:
         user_id: "${USER_ID}"
         group_id: "${GROUP_ID}"
@@ -146,6 +147,7 @@ services:
     build:
       context: auth
       dockerfile: Dockerfile-quality
+      target: non-root
       args:
         user_id: "${USER_ID}"
         group_id: "${GROUP_ID}"
@@ -189,6 +191,7 @@ services:
     build:
       context: front
       dockerfile: Dockerfile-quality
+      target: non-root
       args:
         user_id: "${USER_ID}"
         group_id: "${GROUP_ID}"

docker-compose.quality.yml

@@ -31,6 +31,7 @@ services:
     build:
       context: back
       dockerfile: Dockerfile-quality
+      target: dependencies
 
   # ===========================================================================
   # Authentication server (fsfe-cd-auth)
@@ -42,6 +43,7 @@ services:
     build:
       context: auth
       dockerfile: Dockerfile-quality
+      target: dependencies
 
   # ===========================================================================
   # Frontend (fsfe-cd-front)
@@ -53,3 +55,4 @@ services:
     build:
       context: front
       dockerfile: Dockerfile-quality
+      target: dependencies

front/Dockerfile-quality

@@ -18,10 +18,11 @@
 
 # The order of commands here is optimized for caching.
 
-FROM bitnami/python:3.7
+# =============================================================================
+# Install dependencies needed to run quality checks
+# =============================================================================
 
-ARG user_id=1000
-ARG group_id=1000
+FROM bitnami/python:3.7 AS dependencies
 
 WORKDIR /root
 
@@ -31,8 +32,21 @@ RUN pip3 install pipenv
 COPY Pipfile Pipfile.lock ./
 RUN pipenv install --system --deploy --dev
 
+# =============================================================================
 # Switch to non-root user
+# =============================================================================
+
+FROM dependencies AS non-root
+
+ARG user_id
+ARG group_id
+
+# Create new user and, if needed, new group
 RUN grep --quiet ":$group_id:" /etc/group || addgroup --gid $group_id fsfe
 RUN adduser --uid $user_id --gid $group_id --shell "/sbin/nologin" --gecos "FSFE" --disabled-password fsfe
+
+# Switch to newly created user
 USER fsfe
+
+# Change to the directory where we'll mount the project source code
 WORKDIR /home/fsfe/src