support non-root image

.github/workflows/ci.yml

@@ -132,33 +132,33 @@ jobs:
         echo "def getService(): return ServiceProvider()" | docker run -i aexpy/aexpy -vvv -s - view --help
     - name: Test Preprocess
       run: |
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv preprocess -r -p generator-oj-problem@0.0.1 /data /data/distribution1.json
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv preprocess -r -p generator-oj-problem@0.0.2 /data /data/distribution2.json
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv preprocess -r -p generator-oj-problem@0.0.1 /data /data/distribution1.json
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv preprocess -r -p generator-oj-problem@0.0.2 /data /data/distribution2.json
     - name: Test Extraction
       run: |
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv extract /data/distribution1.json /data/api1.json
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv extract /data/distribution2.json /data/api2.json
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv extract /data/distribution1.json /data/api1.json
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv extract /data/distribution2.json /data/api2.json
     - name: Test Extraction in Env
       run: |
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv preprocess -r -p generator-oj-problem@0.0.1 -P 3.8 /data /data/distribution3.json
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv extract /data/distribution3.json /data/api3.json --temp
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv extract /data/distribution3.json /data/api4.json --no-temp
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv preprocess -r -p generator-oj-problem@0.0.1 -P 3.8 /data /data/distribution3.json
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv extract /data/distribution3.json /data/api3.json --temp
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv extract /data/distribution3.json /data/api4.json --no-temp
     - name: Test Extraction from other input mode
       run: |
         echo generator-oj-problem@0.0.1 | docker run -i aexpy/aexpy -vvv extract - - -r > ./cache/api5.json
         sudo cat ./cache/generator_oj_problem-0.0.1-py3-none-any.whl | docker run -i aexpy/aexpy -vvv extract - - -w --wheel-name generator_oj_problem-0.0.1-py3-none-any > ./cache/api6.json
         cd ./cache/generator_oj_problem-0.0.1-py3-none-any && sudo zip -r - ./generator_oj_problem | docker run -i aexpy/aexpy -vvv extract - - -s > ../api7.json
     - name: Test Difference
       run: |
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv diff /data/api1.json /data/api2.json /data/diff.json
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv diff /data/api1.json /data/api2.json /data/diff.json
         echo "," | sudo cat ./cache/api1.json - ./cache/api2.json | docker run -i aexpy/aexpy -vvv diff - - - > ./cache/diff2.json
     - name: Test Report
       run: |
-        docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv report /data/diff.json /data/report.json
+        docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv report /data/diff.json /data/report.json
     - name: Test View
       shell: bash
       run: |
-        cd cache && sudo find . -maxdepth 1 -type f -name "*.json" -exec docker run -v ${{ github.workspace }}/cache:/data -u root aexpy/aexpy -vvv view /data/{} \;
+        cd cache && sudo find . -maxdepth 1 -type f -name "*.json" -exec docker run -v ${{ github.workspace }}/cache:/data aexpy/aexpy -vvv view /data/{} \;
     - name: Upload results
       uses: actions/upload-artifact@v4
       with:

Dockerfile

@@ -1,23 +1,30 @@
+FROM mambaorg/micromamba:latest as ENV
+
 FROM python:latest as BUILD
 RUN pip install build
 COPY . /src
 RUN python -m build /src --outdir /dist
 
-FROM mambaorg/micromamba:latest
+FROM python:3.12-slim
+
+# COPY FROM https://micromamba-docker.readthedocs.io/en/latest/advanced_usage.html#adding-micromamba-to-an-existing-docker-image
+ARG MAMBA_USER=mambauser MAMBA_USER_ID=57439 MAMBA_USER_GID=57439
+ENV MAMBA_USER=$MAMBA_USER MAMBA_ROOT_PREFIX="/opt/conda" MAMBA_EXE="/bin/micromamba"
+COPY --from=ENV "$MAMBA_EXE" "$MAMBA_EXE"
+COPY --from=ENV /usr/local/bin/_activate_current_env.sh /usr/local/bin/_activate_current_env.sh
+COPY --from=ENV /usr/local/bin/_dockerfile_shell.sh /usr/local/bin/_dockerfile_shell.sh
+COPY --from=ENV /usr/local/bin/_entrypoint.sh /usr/local/bin/_entrypoint.sh
+COPY --from=ENV /usr/local/bin/_dockerfile_initialize_user_accounts.sh /usr/local/bin/_dockerfile_initialize_user_accounts.sh
+COPY --from=ENV /usr/local/bin/_dockerfile_setup_root_prefix.sh /usr/local/bin/_dockerfile_setup_root_prefix.sh
+RUN /usr/local/bin/_dockerfile_initialize_user_accounts.sh && \
+    /usr/local/bin/_dockerfile_setup_root_prefix.sh
 
-ARG MAMBA_DOCKERFILE_ACTIVATE=1
-ENV PYTHONUTF8=1 RUN_IN_CONTAINER=1 AEXPY_ENV_PROVIDER=micromamba
+ENV PYTHONUTF8=1 RUN_IN_CONTAINER=1 AEXPY_ENV_PROVIDER=micromamba MAMBA_SKIP_ACTIVATE=1
+COPY --from=BUILD /dist /tmp/packages
+RUN pip install --no-cache-dir --compile /tmp/packages/*.whl
 
+USER $MAMBA_USER
 WORKDIR /data
 VOLUME [ "/data" ]
-
-COPY --chown=$MAMBA_USER:$MAMBA_USER env.yaml /tmp/env.yaml
-RUN micromamba install -y -n base -f /tmp/env.yaml && \
-    micromamba clean --all --yes
-
-COPY --from=BUILD --chown=$MAMBA_USER:$MAMBA_USER /dist /tmp/packages
-
-RUN pip install --no-cache-dir /tmp/packages/*.whl && \
-    rm -rf /tmp/packages
-
+SHELL ["/usr/local/bin/_dockerfile_shell.sh"]
 ENTRYPOINT [ "/usr/local/bin/_entrypoint.sh", "aexpy" ]

README.md

@@ -267,10 +267,10 @@ echo "," | cat ./api1.json - ./api2.json | docker run -i aexpy/aexpy diff - - -
 > [!TIP]
 > If you want to write processed data to filesystem, not the standard IO, add a volume mapping to `/data` for file access.
 > 
-> Since the container runs in non-root user, please use root user to allow the container writing to the mounted directory.
+> Please ensure using the same user as the owner of the mounted directory, to access mounted files.
 > 
 > ```sh
-> docker run -v $pwd/cache:/data -u root aexpy/aexpy extract /data/distribution.json /data/api.json
+> docker run -v $pwd/cache:/data -u $(id -u):$(id -g) aexpy/aexpy extract /data/distribution.json /data/api.json
 > ```
 
 When you installed AexPy package, you could use `tool runimage` command for a quick runner of containers (if you have Docker installed).

src/aexpy/tools/workers/__init__.py

@@ -163,13 +163,13 @@ def getImageTag(self, /, version: str):
     def getCommandPrefix(self, /):
         user = "root"
 
-        # try:
-        #     import pwd
-        #     uid = os.getuid()
-        #     gid = pwd.getpwuid(uid).pw_gid
-        #     user = f"{uid}:{gid}"
-        # except Exception:
-        #     pass
+        try:
+            import pwd
+            uid = os.getuid()               # type: ignore
+            gid = pwd.getpwuid(uid).pw_gid  # type: ignore
+            user = f"{uid}:{gid}"
+        except Exception:
+            pass
 
         return [
             "docker",

src/aexpy/tools/workers/services.py

@@ -67,9 +67,9 @@ def extract(self, /, dist, *, logger=None, context=None, envBuilder=None):
         result = super().extract(
             dist, logger=logger, context=context, envBuilder=envBuilder
         )
-        if hasattr(os, "getuid"):
-            if getattr(os, "getuid")() != 0:
-                result.logger.warning(
-                    "Not running in root, tempfile created by the inner container might not be able to cleaned."
-                )
+        # if hasattr(os, "getuid"):
+        #     if getattr(os, "getuid")() != 0:
+        #         result.logger.warning(
+        #             "Not running in root, tempfile created by the inner container might not be able to cleaned."
+        #         )
         return result