Pass user ID and group ID to docker native image build in linux, by default docker container will run as root

johnaohara · johnaohara · commit e078cef8b9ee · 2019-04-04T15:00:07.000+01:00
diff --git a/core/creator/src/main/java/io/quarkus/creator/phase/nativeimage/NativeImagePhase.java b/core/creator/src/main/java/io/quarkus/creator/phase/nativeimage/NativeImagePhase.java
@@ -20,7 +20,7 @@
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
-import java.io.PrintStream;
+import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -47,6 +47,8 @@
 import io.quarkus.creator.outcome.OutcomeProviderRegistration;
 import io.quarkus.creator.phase.augment.AugmentOutcome;
 import io.quarkus.creator.phase.runnerjar.RunnerJarOutcome;
+import io.quarkus.gizmo.MethodDescriptor;
+import io.quarkus.gizmo.ResultHandle;
 import io.smallrye.config.SmallRyeConfigProviderResolver;
 
 /**
@@ -313,6 +315,46 @@ public void provideOutcome(AppCreator ctx) throws AppCreatorException {
             // E.g. "/usr/bin/docker run -v {{PROJECT_DIR}}:/project --rm quarkus/graalvm-native-image"
             nativeImage = new ArrayList<>();
             Collections.addAll(nativeImage, containerRuntime, "run", "-v", outputDir.toAbsolutePath() + ":/project:z", "--rm");
+            if (IS_LINUX & "docker".equals(containerRuntime)) {
+                try {
+                    BufferedReader reader;
+                    StringBuilder builder;
+                    String uid = null;
+                    String gid = null;
+
+                    ProcessBuilder idPB = new ProcessBuilder().command("id", "-ur");
+                    Process process = idPB.start();
+
+                    if (process.waitFor() == 0) {
+                        reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
+                        builder = new StringBuilder();
+                        String line;
+                        while ((line = reader.readLine()) != null) {
+                            builder.append(line);
+                        }
+                        uid = builder.toString();
+                    }
+
+                    idPB = new ProcessBuilder().command("id", "-gr");
+                    process = idPB.start();
+
+                    if (process.waitFor() == 0) {
+                        reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
+                        builder = new StringBuilder();
+                        String line = null;
+                        while ((line = reader.readLine()) != null) {
+                            builder.append(line);
+                        }
+                        gid = builder.toString();
+                    }
+
+                    if (uid != null & gid != null & !"".equals(uid) & !"".equals(gid)) {
+                        Collections.addAll(nativeImage, "--user", uid.concat(":").concat(gid));
+                    }
+                } catch (Exception e) {
+                    //swallow exception here, docker container will run as root by default
+                }
+            }
             nativeImage.addAll(containerRuntimeOptions);
             nativeImage.add(this.builderImage);
         } else {
