Merge pull request #655 from serenity-js/copilot/update-devcontainer-user-settings

Run devcontainer as non-root serenity-js user

Author: jan-molak

.devcontainer/Dockerfile

@@ -3,11 +3,17 @@ FROM mcr.microsoft.com/playwright:v1.56.1-noble
 ARG DEBIAN_FRONTEND=noninteractive
 ARG TZ=UTC
 
+# Add user args (defaults can be overridden via devcontainer.json build.args)
+ARG USERNAME=serenity-js
+ARG USER_UID=1000
+ARG USER_GID=1000
+
 ENV SHELL=/bin/bash
 ENV PATH="/opt/google/chrome:${PATH}"
+ENV HOME=/home/${USERNAME}
 
 RUN \
-    # Install Java
+    # Install Java, chrome, edge etc.
     apt-get -y update &&  \
     apt-get -y install default-jre && \
     # Install Chrome
@@ -28,4 +34,22 @@ RUN \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+# Create a non-root user to run the workspace (more secure than using root)
+RUN set -eux; \
+    # create group (if it doesn't already exist) and user with specified uid/gid
+    if ! getent group ${USER_GID} >/dev/null 2>&1; then \
+      groupadd --gid ${USER_GID} ${USERNAME}; \
+    fi; \
+    if ! id -u ${USERNAME} >/dev/null 2>&1; then \
+      useradd -m -s /bin/bash -u ${USER_UID} -g ${USER_GID} ${USERNAME}; \
+    fi; \
+    # Ensure /workspaces exists and is owned by the non-root user so postCreateCommand can write
+    mkdir -p /workspaces; \
+    chown -R ${USERNAME}:${USERNAME} /workspaces /home/${USERNAME}
+
+# Copy welcome message for Codespaces/Dev Containers
 COPY welcome-message.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt
+
+# Switch to the non-root user for the running container
+USER ${USERNAME}
+WORKDIR /workspaces

.devcontainer/devcontainer.json

@@ -1,7 +1,12 @@
 {
   "build": {
     "context": ".",
-    "dockerfile": "Dockerfile"
+    "dockerfile": "Dockerfile",
+    "args": {
+      "USERNAME": "serenity-js",
+      "USER_UID": "1000",
+      "USER_GID": "1000"
+    }
   },
 
   "features": {
@@ -48,5 +53,7 @@
         }
       }
     }
-  }
+  },
+
+  "remoteUser": "serenity-js"
 }