From 5b948b2994e73149c517c9f9162a2ff26e04d771 Mon Sep 17 00:00:00 2001
From: Christoph Reiter <reiter.christoph@gmail.com>
Date: Tue, 19 Nov 2019 15:51:00 +0100
Subject: [PATCH] Don't run CI jobs as root

---
 packages/common/.gitlab-ci.yml        |  6 +-----
 packages/common/.gitlab-ci/Dockerfile | 14 +++++++++++---
 packages/common/.gitlab-ci/build.sh   |  2 +-
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/packages/common/.gitlab-ci.yml b/packages/common/.gitlab-ci.yml
index c1159ca5..14c05580 100644
--- a/packages/common/.gitlab-ci.yml
+++ b/packages/common/.gitlab-ci.yml
@@ -1,8 +1,6 @@
-image: debian:buster
+image: registry.gitlab.tugraz.at/vpu/webcomponents/common/main:v2
 
 before_script:
-  - apt update
-  - apt install -y git
   - "sed -i 's|git@gitlab.tugraz.at:VPU|../..|g' .gitmodules"
   - git submodule sync
   - git submodule update --init
@@ -13,7 +11,5 @@ stages:
 test:
   stage: test
   script:
-    - apt update
-    - apt install -y npm chromium
     - npm install
     - npm test
diff --git a/packages/common/.gitlab-ci/Dockerfile b/packages/common/.gitlab-ci/Dockerfile
index ead6a355..82fb4085 100644
--- a/packages/common/.gitlab-ci/Dockerfile
+++ b/packages/common/.gitlab-ci/Dockerfile
@@ -5,13 +5,21 @@ ENV DEBIAN_FRONTEND noninteractive
 
 RUN apt-get update && apt-get install -y \
     git \
-    curl
+    curl \
+    && rm -rf /var/lib/apt/lists/*
 
-RUN curl -sL https://deb.nodesource.com/setup_12.x | bash -
+RUN curl -sL https://deb.nodesource.com/setup_12.x | bash - \
+    && rm -rf /var/lib/apt/lists/*
 
 RUN apt-get update && apt-get install -y \
     nodejs \
     chromium-browser \
     firefox \
     composer \
-    rsync
\ No newline at end of file
+    rsync \
+    sudo \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN useradd -u 1000 -ms /bin/bash user
+RUN echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER user
diff --git a/packages/common/.gitlab-ci/build.sh b/packages/common/.gitlab-ci/build.sh
index b5705519..3ec24350 100755
--- a/packages/common/.gitlab-ci/build.sh
+++ b/packages/common/.gitlab-ci/build.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
 set -e
-TAG="registry.gitlab.tugraz.at/vpu/webcomponents/common/main:v1"
+TAG="registry.gitlab.tugraz.at/vpu/webcomponents/common/main:v2"
 sudo docker build --tag "${TAG}" --file "Dockerfile" .
 echo "Now run: sudo docker push '$TAG'"
-- 
GitLab