Switch default 1000 ci docker image user to ci-runner (#4200)

Signed-off-by: Peter Zhu <[email protected]>

docker/ci/config/windows-servercore-setup.ps1

@@ -84,7 +84,7 @@ regedit /s $zlibRegFilePath
 # Temurin jdk does not have all the versions supported on scoop, especially version 14, 20, and above
 # As of now we will mix temurin and openjdk as temurin for production has support policies for fixes and patches
 # We need to make sure we do not mis-install temurin and openjdk with the same version or the distribution build code will have issues
-$jdkVersionList = "temurin8-jdk JAVA8_HOME", "temurin11-jdk JAVA11_HOME", "openjdk14 JAVA14_HOME", "temurin17-jdk JAVA17_HOME", "temurin19-jdk JAVA19_HOME", "openjdk20 JAVA20_HOME", "openjdk21 JAVA21_HOME"
+$jdkVersionList = "temurin8-jdk JAVA8_HOME", "temurin11-jdk JAVA11_HOME", "openjdk14 JAVA14_HOME", "temurin17-jdk JAVA17_HOME", "temurin19-jdk JAVA19_HOME", "openjdk20 JAVA20_HOME", "temurin21-jdk JAVA21_HOME"
 Foreach ($jdkVersion in $jdkVersionList)
 {
     $jdkVersion

docker/ci/dockerfiles/current/build.centos7.opensearch.x64.arm64.dockerfile

@@ -13,6 +13,8 @@
 FROM centos:7
 
 ARG MAVEN_DIR=/usr/local/apache-maven
+ARG CONTAINER_USER=ci-runner
+ARG CONTAINER_USER_HOME=/home/ci-runner
 
 # Ensure localedef running correct with root permission
 USER 0
@@ -24,10 +26,10 @@ RUN yum clean all && yum-config-manager --add-repo https://cli.github.com/packag
     yum install -y which curl git gnupg2 tar net-tools procps-ng python3 python3-devel python3-pip zip unzip jq gh pigz
 
 # Create user group
-RUN groupadd -g 1000 opensearch && \
-    useradd -u 1000 -g 1000 -d /usr/share/opensearch opensearch && \
-    mkdir -p /usr/share/opensearch && \
-    chown -R 1000:1000 /usr/share/opensearch
+RUN groupadd -g 1000 $CONTAINER_USER && \
+    useradd -u 1000 -g 1000 -d $CONTAINER_USER_HOME $CONTAINER_USER && \
+    mkdir -p $CONTAINER_USER_HOME && \
+    chown -R 1000:1000 $CONTAINER_USER_HOME
 
 # Add Python dependencies
 RUN yum install -y @development zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel xz xz-devel libffi-devel findutils
@@ -70,7 +72,7 @@ RUN . /etc/profile.d/rvm.sh && rvm install 2.6.0 && rvm --default use 2.6.0 && y
 
 ENV RUBY_HOME=/usr/local/rvm/rubies/ruby-2.6.0/bin
 ENV RVM_HOME=/usr/local/rvm/bin
-ENV GEM_HOME=/usr/share/opensearch/.gem
+ENV GEM_HOME=$CONTAINER_USER_HOME/.gem
 ENV GEM_PATH=$GEM_HOME
 ENV PATH=$RUBY_HOME:$RVM_HOME:$PATH
 
@@ -101,10 +103,10 @@ ENV ENV="/usr/local/bin/scl_setup"
 ENV PROMPT_COMMAND=". /usr/local/bin/scl_setup"
 
 # Change User
-USER 1000
-WORKDIR /usr/share/opensearch
+USER $CONTAINER_USER
+WORKDIR $CONTAINER_USER_HOME
 
 # Install fpm for opensearch dashboards core
 RUN gem install fpm -v 1.14.2
-ENV PATH=/usr/share/opensearch/.gem/gems/fpm-1.14.2/bin:$PATH
+ENV PATH=$CONTAINER_USER_HOME/.gem/gems/fpm-1.14.2/bin:$PATH
 RUN fpm -v

docker/ci/dockerfiles/current/build.rockylinux8.opensearch-dashboards.x64.arm64.dockerfile

@@ -11,6 +11,9 @@
 
 FROM rockylinux:8
 
+ARG CONTAINER_USER=ci-runner
+ARG CONTAINER_USER_HOME=/home/ci-runner
+
 # Ensure localedef running correct with root permission
 USER 0
 
@@ -26,10 +29,10 @@ COPY --chown=0:0 config/yq-setup.sh /tmp
 RUN /tmp/yq-setup.sh
 
 # Create user group
-RUN groupadd -g 1000 opensearch && \
-    useradd -u 1000 -g 1000 -d /usr/share/opensearch opensearch && \
-    mkdir -p /usr/share/opensearch && \
-    chown -R 1000:1000 /usr/share/opensearch
+RUN groupadd -g 1000 $CONTAINER_USER && \
+    useradd -u 1000 -g 1000 -d $CONTAINER_USER_HOME $CONTAINER_USER && \
+    mkdir -p $CONTAINER_USER_HOME && \
+    chown -R 1000:1000 $CONTAINER_USER_HOME
 
 # Add Python dependencies
 RUN dnf install -y @development zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel xz xz-devel libffi-devel findutils
@@ -59,7 +62,7 @@ RUN . /etc/profile.d/rvm.sh && rvm install 2.6.0 && rvm --default use 2.6.0 && d
 
 ENV RUBY_HOME=/usr/local/rvm/rubies/ruby-2.6.0/bin
 ENV RVM_HOME=/usr/local/rvm/bin
-ENV GEM_HOME=/usr/share/opensearch/.gem
+ENV GEM_HOME=$CONTAINER_USER_HOME/.gem
 ENV GEM_PATH=$GEM_HOME
 ENV PATH=$RUBY_HOME:$RVM_HOME:$PATH
 
@@ -73,23 +76,23 @@ RUN update-alternatives --set python /usr/bin/python3.9 && \
 #ENV AWS_CLI_FILE_ENCODING=UTF-8
 
 # Change User
-USER 1000
-WORKDIR /usr/share/opensearch
+USER $CONTAINER_USER
+WORKDIR $CONTAINER_USER_HOME
 
 # Install fpm for opensearch dashboards core
 RUN gem install fpm -v 1.14.2
-ENV PATH=/usr/share/opensearch/.gem/gems/fpm-1.14.2/bin:$PATH
+ENV PATH=$CONTAINER_USER_HOME/.gem/gems/fpm-1.14.2/bin:$PATH
 
 # Hard code node version and yarn version for now
 # nvm environment variables
-ENV NVM_DIR /usr/share/opensearch/.nvm
+ENV NVM_DIR $CONTAINER_USER_HOME/.nvm
 ENV NODE_VERSION 10.24.1
 ARG NODE_VERSION_LIST="10.24.1 14.19.1 14.20.0 14.20.1 14.21.3 16.20.0 18.16.0"
 # install nvm
 # https://github.com/creationix/nvm#install-script
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
 # install node and npm
-COPY --chown=1000:1000 config/yarn-version.sh /tmp
+COPY --chown=$CONTAINER_USER:$CONTAINER_USER config/yarn-version.sh /tmp
 RUN source $NVM_DIR/nvm.sh && \
     for node_version in $NODE_VERSION_LIST; do nvm install $node_version; npm install -g yarn@`/tmp/yarn-version.sh main`; done
 # add node and npm to path so the commands are available

docker/ci/dockerfiles/current/build.rockylinux8.opensearch.x64.arm64.dockerfile

@@ -13,6 +13,8 @@
 FROM rockylinux:8
 
 ARG MAVEN_DIR=/usr/local/apache-maven
+ARG CONTAINER_USER=ci-runner
+ARG CONTAINER_USER_HOME=/home/ci-runner
 
 # Ensure localedef running correct with root permission
 USER 0
@@ -23,10 +25,10 @@ RUN dnf clean all && dnf install -y 'dnf-command(config-manager)' && dnf config-
     dnf install -y which curl git gnupg2 tar net-tools procps-ng python39 python39-devel python39-pip zip unzip jq gh
 
 # Create user group
-RUN groupadd -g 1000 opensearch && \
-    useradd -u 1000 -g 1000 -d /usr/share/opensearch opensearch && \
-    mkdir -p /usr/share/opensearch && \
-    chown -R 1000:1000 /usr/share/opensearch
+RUN groupadd -g 1000 $CONTAINER_USER && \
+    useradd -u 1000 -g 1000 -d $CONTAINER_USER_HOME $CONTAINER_USER && \
+    mkdir -p $CONTAINER_USER_HOME && \
+    chown -R 1000:1000 $CONTAINER_USER_HOME
 
 # Add Python dependencies
 RUN dnf install -y @development zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel xz xz-devel libffi-devel findutils
@@ -69,7 +71,7 @@ RUN . /etc/profile.d/rvm.sh && rvm install 2.6.0 && rvm --default use 2.6.0 && d
 
 ENV RUBY_HOME=/usr/local/rvm/rubies/ruby-2.6.0/bin
 ENV RVM_HOME=/usr/local/rvm/bin
-ENV GEM_HOME=/usr/share/opensearch/.gem
+ENV GEM_HOME=$CONTAINER_USER_HOME/.gem
 ENV GEM_PATH=$GEM_HOME
 ENV PATH=$RUBY_HOME:$RVM_HOME:$PATH
 
@@ -87,10 +89,10 @@ RUN dnf install -y 'dnf-command(config-manager)' && \
 RUN pip3 install cmake==3.23.3
 
 # Change User
-USER 1000
-WORKDIR /usr/share/opensearch
+USER $CONTAINER_USER
+WORKDIR $CONTAINER_USER_HOME
 
 # Install fpm for opensearch dashboards core
 RUN gem install fpm -v 1.14.2
-ENV PATH=/usr/share/opensearch/.gem/gems/fpm-1.14.2/bin:$PATH
+ENV PATH=$CONTAINER_USER_HOME/.gem/gems/fpm-1.14.2/bin:$PATH
 RUN fpm -v

docker/ci/dockerfiles/current/build.ubuntu2004.opensearch.x64.arm64.dockerfile

@@ -11,6 +11,8 @@
 FROM ubuntu:20.04
 
 ARG DEBIAN_FRONTEND=noninteractive
+ARG CONTAINER_USER=ci-runner
+ARG CONTAINER_USER_HOME=/home/ci-runner
 
 # Install python dependencies
 RUN apt-get update -y && apt-get install -y software-properties-common
@@ -42,13 +44,13 @@ RUN curl -o- https://www.aptly.info/pubkey.txt | apt-key add - && \
 
 # Tools setup
 COPY --chown=0:0 config/jdk-setup.sh config/yq-setup.sh /tmp/
-RUN /tmp/jdk-setup.sh && /tmp/yq-setup.sh
+RUN /tmp/jdk-setup.sh && /tmp/yq-setup.sh # Ubuntu has a bug where entrypoint=bash does not actually run .bashrc correctly
 
 # Create user group
-RUN groupadd -g 1000 opensearch && \
-    useradd -u 1000 -g 1000 -d /usr/share/opensearch -m opensearch && \
-    mkdir -p /usr/share/opensearch && \
-    chown -R 1000:1000 /usr/share/opensearch 
+RUN groupadd -g 1000 $CONTAINER_USER && \
+    useradd -u 1000 -g 1000 -s /bin/bash -d $CONTAINER_USER_HOME -m $CONTAINER_USER && \
+    mkdir -p $CONTAINER_USER_HOME && \
+    chown -R 1000:1000 $CONTAINER_USER_HOME
 
 # Install gh cli
 RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg && \
@@ -57,5 +59,5 @@ RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | d
     apt-get update && apt-get install -y gh && apt-get clean
 
 # Change User
-USER 1000
-WORKDIR /usr/share/opensearch
+USER $CONTAINER_USER
+WORKDIR $CONTAINER_USER_HOME

docker/ci/dockerfiles/current/docker-builder.ubuntu2004.x64.dockerfile

@@ -17,6 +17,8 @@
 FROM ubuntu:20.04
 
 ARG DEBIAN_FRONTEND=noninteractive
+ARG CONTAINER_USER=ci-runner
+ARG CONTAINER_USER_HOME=/home/ci-runner
 
 # Import necessary repository for installing qemu 5.0
 RUN apt-get update -y && apt-get install -y software-properties-common && add-apt-repository ppa:jacob/virtualisation -y
@@ -45,10 +47,10 @@ RUN curl -SL https://github.com/adoptium/temurin11-binaries/releases/download/jd
     rm /opt/jdk11.tar.gz
 
 # Create user group
-RUN groupadd -g 1000 opensearch && \
-    useradd -u 1000 -g 1000 -d /usr/share/opensearch opensearch && \
-    mkdir -p /usr/share/opensearch && \
-    chown -R 1000:1000 /usr/share/opensearch 
+RUN groupadd -g 1000 $CONTAINER_USER && \
+    useradd -u 1000 -g 1000 -s /bin/bash -d $CONTAINER_USER_HOME -m $CONTAINER_USER && \
+    mkdir -p $CONTAINER_USER_HOME && \
+    chown -R 1000:1000 $CONTAINER_USER_HOME
 
 # ENV JDK
 ENV JAVA_HOME=/opt/java/openjdk-11

docker/ci/dockerfiles/current/release.centos7.clients.x64.arm64.dockerfile

@@ -15,6 +15,8 @@
 FROM centos:7
 
 ARG MAVEN_DIR=/usr/local/apache-maven
+ARG CONTAINER_USER=ci-runner
+ARG CONTAINER_USER_HOME=/home/ci-runner
 
 # Ensure localedef running correct with root permission
 USER 0
@@ -62,10 +64,10 @@ RUN curl -SL https://github.com/adoptium/temurin11-binaries/releases/download/jd
     rm /opt/jdk11.tar.gz
 
 # Create user group
-RUN groupadd -g 1000 opensearch && \
-    useradd -u 1000 -g 1000 -d /usr/share/opensearch opensearch && \
-    mkdir -p /usr/share/opensearch && \
-    chown -R 1000:1000 /usr/share/opensearch
+RUN groupadd -g 1000 $CONTAINER_USER && \
+    useradd -u 1000 -g 1000 -d $CONTAINER_USER_HOME $CONTAINER_USER && \
+    mkdir -p $CONTAINER_USER_HOME && \
+    chown -R 1000:1000 $CONTAINER_USER_HOME
 
 # ENV JDK
 ENV JAVA_HOME=/opt/java/openjdk-11
@@ -115,8 +117,8 @@ RUN mkdir -p /tmp/osslsigncode && cd /tmp/osslsigncode && source /etc/profile.d/
 RUN yum install -y patch make ruby openssl-devel && yum clean all
 
 # Change User
-USER 1000
-WORKDIR /usr/share/opensearch
+USER $CONTAINER_USER
+WORKDIR $CONTAINER_USER_HOME
 
 # Installing PKG builder dependencies with rvm
 RUN curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - && \
@@ -131,28 +133,28 @@ CMD ["/bin/bash", "-l"]
 RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
 
 # Installing ruby related dependencies
-# Need to run either `. /usr/share/opensearch/.rvm/scripts/rvm` or `source /usr/share/opensearch/.rvm/scripts/rvm` 
+# Need to run either `. $CONTAINER_USER_HOME/.rvm/scripts/rvm` or `source $CONTAINER_USER_HOME/.rvm/scripts/rvm` 
 # and force bash if needed before using the rvm command for any activities, or rvm will not correctly use version
-RUN . /usr/share/opensearch/.rvm/scripts/rvm && rvm install 2.6.0 && rvm --default use 2.6.0 && \
+RUN . $CONTAINER_USER_HOME/.rvm/scripts/rvm && rvm install 2.6.0 && rvm --default use 2.6.0 && \
     rvm install jruby-9.3.0.0
 
-ENV RUBY_HOME=/usr/share/opensearch/.rvm/rubies/ruby-2.6.0/bin
-ENV RVM_HOME=/usr/share/opensearch/.rvm/bin
-ENV GEM_HOME=/usr/share/opensearch/.gem
+ENV RUBY_HOME=$CONTAINER_USER_HOME/.rvm/rubies/ruby-2.6.0/bin
+ENV RVM_HOME=$CONTAINER_USER_HOME/.rvm/bin
+ENV GEM_HOME=$CONTAINER_USER_HOME/.gem
 ENV GEM_PATH=$GEM_HOME
-ENV CARGO_PATH=/usr/share/opensearch/.cargo/bin
+ENV CARGO_PATH=$CONTAINER_USER_HOME/.cargo/bin
 ENV PATH=$RUBY_HOME:$RVM_HOME:$CARGO_PATH:$PATH
 
 # nvm environment variables
-ENV NVM_DIR /usr/share/opensearch/.nvm
+ENV NVM_DIR $CONTAINER_USER_HOME/.nvm
 ENV NODE_VERSION 16.20.0
 ARG NODE_VERSION_LIST="10.24.1 14.19.1 14.20.0 14.20.1 14.21.3 16.20.0"
 
 # Installing nvm
 # https://github.com/creationix/nvm#install-script
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
 # Installing node and npm
-COPY --chown=1000:1000 config/yarn-version.sh /tmp
+COPY --chown=$CONTAINER_USER:$CONTAINER_USER config/yarn-version.sh /tmp
 RUN source $NVM_DIR/nvm.sh && \
     for node_version in $NODE_VERSION_LIST; do nvm install $node_version; npm install -g yarn@`/tmp/yarn-version.sh main`; done
 # Add node and npm to path so the commands are available