Refactor Dockerfile and endeavour script

fvoci · fvoci · commit d43e3a65ea7c · 2025-11-26T17:11:01.000+09:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,21 +1,21 @@
 # ─────────────────────────────
-# Stage 1: Base
+# Stage 1: Base (System Dependencies)
 # ─────────────────────────────
 FROM nvidia/cuda:13.0.1-cudnn-runtime-ubuntu24.04 AS base
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
+ARG DEBIAN_FRONTEND=noninteractive
+
 ENV TZ="Asia/Seoul" \
-    DEBIAN_FRONTEND=noninteractive \
+    LANG=ko_KR.UTF-8 \
+    LC_ALL=ko_KR.UTF-8 \
     USER=code \
     UID=1001 \
     GID=1001 \
     GOSU_VERSION=1.17 \
     TINI_VERSION=v0.19.0
 
-ENV LANG=ko_KR.UTF-8
-ENV LC_ALL=ko_KR.UTF-8
-
 RUN set -eux; \
     rm -rf /etc/apt/sources.list.d/cuda.list; \
     apt-get update -yq; \
@@ -38,58 +38,46 @@ RUN set -eux; \
     \
     dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
     wget -O /usr/bin/tini "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$dpkgArch"; \
-    wget -O /usr/bin/tini.asc "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$dpkgArch.asc"; \
-    export GNUPGHOME="$(mktemp -d)"; \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
-    gpg --batch --verify /usr/bin/tini.asc /usr/bin/tini; \
-    gpgconf --kill all; \
-    rm -rf "$GNUPGHOME" /usr/bin/tini.asc; \
     chmod +x /usr/bin/tini; \
     tini --version; \
     \
     wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
-    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
-    export GNUPGHOME="$(mktemp -d)"; \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
-    gpgconf --kill all; \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
     chmod +x /usr/local/bin/gosu; \
-    gosu --version; gosu nobody true; \
+    gosu --version; \
+    \
+    curl -fsSL https://code-server.dev/install.sh | sh; \
     \
     apt-get clean; \
-    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*; \
-    groupadd --gid ${GID} ${USER}; \
-    useradd --uid ${UID} --gid ${GID} --create-home --shell /bin/bash ${USER}; \
-    echo "code ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN groupadd --gid ${GID} ${USER} && \
+    useradd --uid ${UID} --gid ${GID} --create-home --shell /bin/bash ${USER} && \
+    echo "${USER} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd && \
+    chmod 0440 /etc/sudoers.d/nopasswd
 
 USER ${USER}
 WORKDIR /home/${USER}
-ENV BASH_ENV="/home/${USER}/.bash_env"
+ENV BASH_ENV="/home/${USER}/.bash_env" \
+    PNPM_HOME="/home/${USER}/.pnpm/store" \
+    PATH="/home/${USER}/.local/bin:/home/${USER}/.pnpm/store:${PATH}"
 
-RUN touch "${BASH_ENV}" && echo '. "${BASH_ENV}"' >> ~/.bashrc
+RUN touch "${BASH_ENV}" && \
+    echo '. "${BASH_ENV}"' >> ~/.bashrc
 
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh | PROFILE="${BASH_ENV}" bash && \
-    source ${BASH_ENV} && nvm install --lts && nvm use --lts && \
-    npm install -g pnpm@latest-10 && npm cache clean --force
+    source ${BASH_ENV} && \
+    nvm install --lts && \
+    nvm use --lts && \
+    npm install -g pnpm@latest-10 && \
+    npm cache clean --force
 
 RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \
-    export PATH="$HOME/.local/bin:$PATH" && \
+    source ${BASH_ENV} && \
     uv python install 3.12.9 --default --preview && \
     uv tool update-shell
 
-ENV PNPM_HOME="/home/${USER}/.pnpm/store"
-ENV PATH="/home/${USER}/.local/bin:${PNPM_HOME}:${PATH}"
-
-RUN python --version && \
-    which python && \
-    python -c "import sys; print(sys.executable, sys.version, sys.platform)"
-
-RUN curl -fsSL https://code-server.dev/install.sh | sh && \
-    rm -rf ~/.cache/code-server
-
 # ─────────────────────────────
-# Stage 2: Fonts (root)
+# Stage 2: Fonts (Resource Only)
 # ─────────────────────────────
 FROM base AS fonts
 USER root
@@ -102,31 +90,32 @@ RUN set -eux; \
     install_google_font() { \
       local relative_path="$1"; local font_name="$2"; \
       local font_dir="/usr/share/fonts/truetype/${relative_path}"; \
-      mkdir -p "${font_dir}" && \
+      mkdir -p "${font_dir}"; \
       local encoded_font_name=$(printf "%s" "${font_name}" | jq -sRr @uri); \
       wget --quiet -O "${font_dir}/${font_name}" \
           "https://raw.githubusercontent.com/google/fonts/17216f1645a133dbbeaa506f0f63f701861b6c7b/ofl/${relative_path}/${encoded_font_name}"; \
     }; \
-    \
+    # D2Coding
     mkdir -p /usr/share/fonts/truetype/D2Coding && \
-      wget --quiet -O /usr/share/fonts/truetype/D2Coding.zip \
-        "https://github.com/naver/d2codingfont/releases/download/VER${D2CODING_VERSION}/D2Coding-Ver${D2CODING_VERSION}-${D2CODING_DATE}.zip" && \
-      unzip /usr/share/fonts/truetype/D2Coding.zip -d /usr/share/fonts/truetype/ && \
-      rm /usr/share/fonts/truetype/D2Coding.zip; \
+    wget --quiet -O /tmp/D2Coding.zip "https://github.com/naver/d2codingfont/releases/download/VER${D2CODING_VERSION}/D2Coding-Ver${D2CODING_VERSION}-${D2CODING_DATE}.zip" && \
+    unzip -q /tmp/D2Coding.zip -d /usr/share/fonts/truetype/ && \
+    \
+    # D2Coding Nerd
     mkdir -p /usr/share/fonts/truetype/D2CodingNerd && \
-      wget --quiet -O /usr/share/fonts/truetype/D2CodingNerd/D2CodingNerd.ttf \
-        "https://github.com/kelvinks/D2Coding_Nerd/raw/master/D2Coding%20v.${D2CODING_NERD_VERSION}%20Nerd%20Font%20Complete.ttf"; \
+    wget --quiet -O /usr/share/fonts/truetype/D2CodingNerd/D2CodingNerd.ttf \
+      "https://github.com/kelvinks/D2Coding_Nerd/raw/master/D2Coding%20v.${D2CODING_NERD_VERSION}%20Nerd%20Font%20Complete.ttf"; \
+    \
+    # Pretendard
     mkdir -p /usr/share/fonts/truetype/Pretendard && \
-      wget --quiet -O /usr/share/fonts/truetype/Pretendard.zip \
-        "https://github.com/orioncactus/pretendard/releases/download/v${PRETENDARD_VERSION}/Pretendard-${PRETENDARD_VERSION}.zip" && \
-      unzip /usr/share/fonts/truetype/Pretendard.zip -d /usr/share/fonts/truetype/Pretendard/ && \
-      rm /usr/share/fonts/truetype/Pretendard.zip; \
+    wget --quiet -O /tmp/Pretendard.zip "https://github.com/orioncactus/pretendard/releases/download/v${PRETENDARD_VERSION}/Pretendard-${PRETENDARD_VERSION}.zip" && \
+    unzip -q /tmp/Pretendard.zip -d /usr/share/fonts/truetype/Pretendard/ && \
+    \
+    # Pretendard JP
     mkdir -p /usr/share/fonts/truetype/PretendardJP && \
-      wget --quiet -O /usr/share/fonts/truetype/PretendardJP.zip \
-        "https://github.com/orioncactus/pretendard/releases/download/v${PRETENDARD_VERSION}/PretendardJP-${PRETENDARD_VERSION}.zip" && \
-      unzip /usr/share/fonts/truetype/PretendardJP.zip -d /usr/share/fonts/truetype/PretendardJP/ && \
-      rm /usr/share/fonts/truetype/PretendardJP.zip; \
+    wget --quiet -O /tmp/PretendardJP.zip "https://github.com/orioncactus/pretendard/releases/download/v${PRETENDARD_VERSION}/PretendardJP-${PRETENDARD_VERSION}.zip" && \
+    unzip -q /tmp/PretendardJP.zip -d /usr/share/fonts/truetype/PretendardJP/ && \
     \
+    # Google Fonts
     install_google_font "notosans" "NotoSans[wdth,wght].ttf"; \
     install_google_font "notosans" "NotoSans-Italic[wdth,wght].ttf"; \
     install_google_font "notoserif" "NotoSerif[wdth,wght].ttf"; \
@@ -137,7 +126,6 @@ RUN set -eux; \
     install_google_font "notoserifjp" "NotoSerifJP[wght].ttf"; \
     install_google_font "notoemoji" "NotoEmoji[wght].ttf"; \
     install_google_font "notocoloremoji" "NotoColorEmoji-Regular.ttf"; \
-    \
     install_google_font "nanumbrushscript" "NanumBrushScript-Regular.ttf"; \
     install_google_font "nanumgothic" "NanumGothic-Bold.ttf"; \
     install_google_font "nanumgothic" "NanumGothic-ExtraBold.ttf"; \
@@ -147,23 +135,20 @@ RUN set -eux; \
     install_google_font "nanummyeongjo" "NanumMyeongjo-Bold.ttf"; \
     install_google_font "nanummyeongjo" "NanumMyeongjo-ExtraBold.ttf"; \
     install_google_font "nanummyeongjo" "NanumMyeongjo-Regular.ttf"; \
-    \
     install_google_font "ibmplexmono" "IBMPlexMono-Bold.ttf"; \
     install_google_font "ibmplexmono" "IBMPlexMono-Regular.ttf"; \
     install_google_font "ibmplexsanskr" "IBMPlexSansKR-Bold.ttf"; \
     install_google_font "ibmplexsanskr" "IBMPlexSansKR-Regular.ttf"; \
     \
-    chmod -R 644 /usr/share/fonts/truetype/* && \
-    find /usr/share/fonts/truetype/ -type d -exec chmod 755 {} + && \
+    chmod -R 644 /usr/share/fonts/truetype/*; \
+    find /usr/share/fonts/truetype/ -type d -exec chmod 755 {} +; \
     fc-cache -f -v
 
 # ─────────────────────────────
-# Stage 3: Builder
+# Stage 3: Builder (User Environment Construction)
 # ─────────────────────────────
 FROM base AS builder
-USER root
-COPY --chmod=775 fix-permissions /usr/local/bin/fix-permissions
-USER ${UID}
+USER ${USER}
 
 RUN uv init --python 3.12.9 --bare && \
     uv venv --python 3.12.9 --seed
@@ -185,15 +170,11 @@ RUN uv add \
       jupyterlab-language-pack-ko-KR \
       https://github.com/AISFlow/nbconvert.git
 
-RUN set -eux; \
-    EXTENSIONS="ms-python.python ms-python.pylint ms-toolsai.jupyter charliermarsh.ruff esbenp.prettier-vscode anwar.papyrus-pdf mechatroner.rainbow-csv cweijan.vscode-office"; \
+RUN mkdir -p /home/${USER}/.local/share/code-server && \
+    EXTENSIONS="ms-python.python ms-python.pylint ms-toolsai.jupyter charliermarsh.ruff esbenp.prettier-vscode anwar.papyrus-pdf mechatroner.rainbow-csv cweijan.vscode-office" && \
     for EXT in $EXTENSIONS; do \
       for i in $(seq 1 5); do \
-        if code-server --install-extension "${EXT}"; then \
-          break; \
-        else \
-          sleep 10; \
-        fi; \
+        if code-server --install-extension "${EXT}"; then break; else sleep 5; fi; \
       done; \
     done
 
@@ -218,22 +199,20 @@ FROM base AS runtime
 
 ENV NODE_ENV=production
 
-COPY --link --chown=${UID}:${GID} presettings/vscode-settings.json /home/${USER}/.local/share/code-server/User/settings.json
+USER root
 
-COPY --link --chown=${UID}:${GID} presettings/matplotlibrc /home/${USER}/.config/matplotlib/matplotlibrc
+COPY --link --chmod=755 --from=fonts /usr/share/fonts/ /usr/share/fonts/
+COPY --link --chmod=755 --from=ghcr.io/aisflow/dockerised-mecab-ko:20250319-190826 /opt/mecab/ /opt/mecab/
 
 COPY --link --chown=${UID}:${GID} --from=builder /home/${USER}/ /home/${USER}/
 
-COPY --link --chown=${UID}:${GID} endeavour /usr/bin/endeavour
-
-COPY --link --chmod=775 --from=builder /usr/local/bin/fix-permissions /usr/local/bin/fix-permissions
-
-COPY --link --chmod=775 --from=ghcr.io/aisflow/dockerised-mecab-ko:20250319-190826 /opt/mecab/ /opt/mecab/
-
-COPY --link --chmod=775 --from=fonts /usr/share/fonts/ /usr/share/fonts/
+COPY --link --chown=${UID}:${GID} presettings/vscode-settings.json /home/${USER}/.local/share/code-server/User/settings.json
+COPY --link --chown=${UID}:${GID} presettings/matplotlibrc /home/${USER}/.config/matplotlib/matplotlibrc
 
-USER root
+COPY --link --chmod=755 --from=builder /usr/local/bin/fix-permissions /usr/local/bin/fix-permissions
+COPY --link --chmod=755 endeavour /usr/bin/endeavour
 
 EXPOSE 8080
+
 ENTRYPOINT [ "tini", "--", "/opt/nvidia/nvidia_entrypoint.sh" ]
-CMD [ "endeavour" ]
+CMD [ "endeavour" ]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,16 +1,17 @@
 services:
   code-server:
-    image: aisflow/code:latest
     container_name: code-server
+    image: aisflow/code:latest
     ports:
-      - '127.0.0.1:8080:8080'
+      - 127.0.0.1:8080:8080
     volumes:
-      - './config:/home/code/.config'
-      - './home:/home/code/project/home'
-    stdin_open: true
-    tty: true
+      - ./config:/home/code/.config
+      - ./home:/home/code/project/home
     deploy:
       resources:
         reservations:
           devices:
-            - capabilities: [gpu]
+            - capabilities:
+                - gpu
+    stdin_open: true
+    tty: true
diff --git a/endeavour b/endeavour
@@ -48,10 +48,21 @@ log "INFO" "Setting user '${TARGET_UNAME}' to UID: ${TARGET_UID} and GID: ${TARG
 groupmod -o -g "${TARGET_GID}" "${TARGET_UNAME}"
 usermod -o -u "${TARGET_UID}" -g "${TARGET_GID}" "${TARGET_UNAME}"
 
-log "INFO" "Setting ownership for ${HOME_DIR}..."
+log "INFO" "Checking ownership for ${HOME_DIR}..."
 mkdir -p "${HOME_DIR}"
 usermod -d "${HOME_DIR}" "${TARGET_UNAME}"
-chown -R "${TARGET_UID}:${TARGET_GID}" "${HOME_DIR}"
+
+CURRENT_UID=$(stat -c "%u" "${HOME_DIR}")
+CURRENT_GID=$(stat -c "%g" "${HOME_DIR}")
+
+if [ "${CURRENT_UID}" != "${TARGET_UID}" ] || [ "${CURRENT_GID}" != "${TARGET_GID}" ]; then
+    log "WARN" "UID/GID mismatch detected (Current: ${CURRENT_UID}:${CURRENT_GID}, Target: ${TARGET_UID}:${TARGET_GID})."
+    log "INFO" "Running recursive chown on ${HOME_DIR}. This may take a while..."
+    chown -R "${TARGET_UID}:${TARGET_GID}" "${HOME_DIR}"
+    log "INFO" "Recursive chown completed."
+else
+    log "INFO" "UID/GID matches (Target: ${TARGET_UID}:${TARGET_GID}). Skipping recursive chown for fast startup."
+fi
 
 log "INFO" "Switching to user '${TARGET_UNAME}' and starting code-server..."
 exec gosu "${TARGET_UNAME}" code-server --bind-addr 0.0.0.0:8080 .
