feat!: switch default userid to 12021 (#3351)

- closes #3277

BREAKING CHANGE: the default user id is now `12021`.

docs/custom-base-image.md

@@ -9,7 +9,7 @@ You should always use a specific version which can be found at [docker hub](http
 
 ## Default user name and id
 
-Use this template for using a custom base image with our default user named `ubuntu` and userid `1000`.
+Use this template for using a custom base image with our default user named `ubuntu` and userid `12021`.
 
 ```dockerfile
 # This containerbase is used for tool intallation and user/directory setup
@@ -47,7 +47,7 @@ RUN install-tool yarn 1.22.10
 WORKDIR /usr/src/app
 
 # must be numeric if this should work with openshift
-USER 1000
+USER 12021
 ```
 
 ## Custom user name and id

src/cli/services/env.service.spec.ts

@@ -58,13 +58,13 @@ describe('env.service', () => {
   });
 
   test('userId', () => {
-    expect(child.get(EnvService).userId).toBe(1000);
+    expect(child.get(EnvService).userId).toBe(12021);
   });
 
   test('umask', () => {
     const e = child.get(EnvService);
     expect(e.umask).toBe(0o755);
-    Object.assign(e, { uid: 1000 });
+    Object.assign(e, { uid: 12021 });
     expect(e.umask).toBe(0o775);
   });
 

src/cli/services/env.service.ts

@@ -77,7 +77,7 @@ export class EnvService {
   }
 
   get userId(): number {
-    return parseInt(env.USER_ID ?? '1000', 10);
+    return parseInt(env.USER_ID ?? '12021', 10);
   }
 
   get umask(): number {

src/usr/local/containerbase/bin/install-containerbase.sh

@@ -10,7 +10,7 @@ if [[ -z "${USER_NAME}" ]]; then
 fi
 
 if [[ -z "${USER_ID}" ]]; then
-  export USER_ID=1000
+  export USER_ID=12021
   echo "No USER_ID defined - using: ${USER_ID}"
 fi
 

test/bash/filesystem.bats

@@ -18,7 +18,7 @@ teardown() {
 }
 
 @test "gets the default install dir" {
-    TEST_ROOT_USER=1000 \
+    TEST_ROOT_USER=12021 \
     run get_install_dir
     assert_output "${TEST_ROOT_DIR}/user"
 
@@ -142,7 +142,7 @@ teardown() {
   run create_folder
   assert_failure
 
-  TEST_ROOT_USER=1000
+  TEST_ROOT_USER=12021
   run create_folder "${install_dir}/foo"
   assert_success
 
@@ -172,7 +172,7 @@ teardown() {
 @test "creates deep folder with correct permissions" {
   local install_dir=$(get_install_dir)
 
-  TEST_ROOT_USER=1000
+  TEST_ROOT_USER=12021
   run create_folder "${install_dir}/test/foo/bar/baz"
 
   assert [ -d "${install_dir}/test" ]

test/bash/util.sh

@@ -12,7 +12,7 @@ export USER_HOME="${TEST_ROOT_DIR}/user"
 export ENV_FILE="${TEST_ROOT_DIR}/env"
 
 # set default test user
-export TEST_ROOT_USER=1000
+export TEST_ROOT_USER=12021
 
 # Overwrite is_root function to check a test root user
 # instead of the effective caller

test/bash/v2/filesystem.bats

@@ -21,7 +21,7 @@ teardown() {
 }
 
 @test "overwrite: gets the default install dir" {
-    TEST_ROOT_USER=1000 \
+    TEST_ROOT_USER=12021 \
     run get_install_dir
     assert_output "${TEST_ROOT_DIR}/root"
 

test/dart/Dockerfile

@@ -31,7 +31,7 @@ ARG CONTAINERBASE_CDN
 ARG CONTAINERBASE_DEBUG
 ARG CONTAINERBASE_LOG_LEVEL
 
-COPY --chown=1000:0 test/dart/test test
+COPY --chown=12021:0 test/dart/test test
 WORKDIR /test
 
 #--------------------------------------
@@ -46,7 +46,7 @@ RUN prepare-tool dart
 #--------------------------------------
 FROM build AS testa
 
-USER 1000
+USER 12021
 
 RUN install-tool dart 2.0.0
 

test/dotnet/Dockerfile

@@ -31,7 +31,7 @@ ARG CONTAINERBASE_CDN
 ARG CONTAINERBASE_DEBUG
 ARG CONTAINERBASE_LOG_LEVEL
 
-COPY --chown=1000:0 test/dotnet/test test
+COPY --chown=12021:0 test/dotnet/test test
 WORKDIR /test
 
 #--------------------------------------
@@ -44,7 +44,7 @@ RUN set -ex; dotnet --version | grep 6.0.
 
 RUN ls -la $USER_HOME/.nuget/NuGet
 
-USER 1000
+USER 12021
 
 RUN dotnet --info
 
@@ -80,7 +80,7 @@ RUN install-tool dotnet 8.0.402
 RUN install-tool dotnet 8.0.402
 RUN set -ex; dotnet --version | grep 8.0.
 
-USER 1000
+USER 12021
 
 RUN dotnet --info
 

test/erlang/Dockerfile

@@ -31,7 +31,7 @@ ARG CONTAINERBASE_CDN
 ARG CONTAINERBASE_DEBUG
 ARG CONTAINERBASE_LOG_LEVEL
 
-# test openshift compatibility 1000<>1001
+# test openshift compatibility 12021<>1001
 COPY --chown=1001:0 test/erlang/test test
 WORKDIR /test
 
@@ -54,8 +54,8 @@ RUN install-tool erlang 27.0.1.0
 # renovate: datasource=github-releases packageName=elixir-lang/elixir
 RUN install-tool elixir 1.17.3
 
-RUN chown -R 1000:0 /test
-USER 1000
+RUN chown -R 12021:0 /test
+USER 12021
 
 RUN set -ex; \
     cd a; \

test/flutter/Dockerfile

@@ -35,7 +35,7 @@ ARG CONTAINERBASE_CDN
 ARG CONTAINERBASE_DEBUG
 ARG CONTAINERBASE_LOG_LEVEL
 
-COPY --chown=1000:0 test/flutter/test test
+COPY --chown=12021:0 test/flutter/test test
 WORKDIR /test
 
 #--------------------------------------
@@ -50,7 +50,7 @@ RUN prepare-tool flutter
 #--------------------------------------
 FROM build AS testa
 
-USER 1000
+USER 12021
 
 # EOL
 RUN install-tool flutter 2.10.5
@@ -64,7 +64,7 @@ RUN set -ex; \
 #--------------------------------------
 FROM build AS testb
 
-USER 1000
+USER 12021
 
 # renovate: datasource=github-releases packageName=containerbase/flutter-prebuild
 RUN install-tool flutter 3.24.3

test/flux/Dockerfile

@@ -34,7 +34,7 @@ ARG CONTAINERBASE_LOG_LEVEL
 # renovate: datasource=github-releases depName=flux packageName=fluxcd/flux2
 ARG FLUX_VERSION=v2.3.0
 
-USER 1000
+USER 12021
 
 #--------------------------------------
 # install flux as root

test/golang/Dockerfile

@@ -35,7 +35,7 @@ ARG CONTAINERBASE_CDN
 ARG CONTAINERBASE_DEBUG
 ARG CONTAINERBASE_LOG_LEVEL
 
-COPY --chown=1000:0 test/golang/test test
+COPY --chown=12021:0 test/golang/test test
 WORKDIR /test
 
 #--------------------------------------
@@ -46,7 +46,7 @@ FROM base AS testa
 # renovate: datasource=github-releases packageName=containerbase/golang-prebuild
 RUN install-tool golang 1.23.1
 
-USER 1000
+USER 12021
 
 RUN set -ex; cd a; go get -d ./...; cat go.sum; go mod tidy; cat go.sum
 
@@ -60,7 +60,7 @@ RUN set -ex; \
 USER root
 RUN echo export "GOPATH=/home/${USER_NAME}/.go" | tee -a $BASH_ENV
 
-USER 1000
+USER 12021
 RUN go env
 RUN set -ex; cd c; go get -d ./...; cat go.sum
 
@@ -77,7 +77,7 @@ RUN set -ex; \
   go get -d ./...; \
   go mod tidy;
 
-USER 1000
+USER 12021
 
 SHELL [ "/bin/sh", "-c" ]
 RUN go env
@@ -89,7 +89,7 @@ FROM base AS testc
 
 RUN prepare-tool golang
 
-USER 1000
+USER 12021
 
 # renovate: datasource=github-releases packageName=containerbase/golang-prebuild
 RUN install-tool golang 1.23.1

test/helm/Dockerfile

@@ -51,7 +51,7 @@ SHELL [ "/bin/sh", "-c" ]
 
 RUN helm version | grep "${HELM_VERSION}"
 
-USER 1000
+USER 12021
 
 RUN set -ex; \
   helm repo add stable https://charts.helm.sh/stable; \
@@ -60,7 +60,7 @@ RUN set -ex; \
 RUN helm version | grep "${HELM_VERSION}"
 
 # even more restricted
-USER 1000:1000
+USER 12021:12021
 
 RUN set -ex; \
   helm repo update

test/java/Dockerfile

@@ -35,7 +35,7 @@ ARG CONTAINERBASE_CDN
 ARG CONTAINERBASE_DEBUG
 ARG CONTAINERBASE_LOG_LEVEL
 
-COPY --chown=1000:0 test/java/test test
+COPY --chown=12021:0 test/java/test test
 WORKDIR /test
 
 #--------------------------------------
@@ -78,7 +78,7 @@ RUN install-tool java 11.0.23+9
 
 RUN prepare-tool gradle
 
-USER 1000
+USER 12021
 
 # stay on v6
 RUN install-tool gradle 6.9
@@ -109,7 +109,7 @@ RUN install-tool java-jre 21.0.4+7.0.LTS
 # renovate: datasource=gradle-version versioning=gradle
 RUN install-tool gradle 8.10.2
 
-USER 1000
+USER 12021
 
 RUN set -ex; \
   gradle --version;
@@ -208,7 +208,7 @@ RUN install-tool sbt v1.10.2
 RUN install-tool gradle 8.8-rc-2
 
 # doesn't work for arbitrary users
-USER 1000
+USER 12021
 
 WORKDIR /test
 RUN set -ex; \

test/jb/Dockerfile

@@ -31,15 +31,15 @@ ARG CONTAINERBASE_CDN
 ARG CONTAINERBASE_DEBUG
 ARG CONTAINERBASE_LOG_LEVEL
 
-COPY --chown=1000:0 test/jb/test test
+COPY --chown=12021:0 test/jb/test test
 WORKDIR /test
 
 #--------------------------------------
 # build
 #--------------------------------------
 FROM base AS build
 
-USER 1000
+USER 12021
 
 # renovate: datasource=github-releases packageName=jsonnet-bundler/jsonnet-bundler
 RUN install-tool jb v0.6.0

test/latest/Dockerfile

@@ -172,7 +172,7 @@ RUN prepare-tool docker
 # renovate: datasource=github-tags packageName=git/git
 RUN install-tool git v2.46.2
 
-USER 1000
+USER 12021
 
 RUN set -ex; id; id | grep "uid=${USER_ID}(${USER_NAME}) gid=0(root) groups=0(root),999(docker),${USER_ID}(${USER_NAME})"
 
@@ -256,7 +256,7 @@ RUN helmfile version | grep "${HELMFILE_VERSION}"
 
 RUN kustomize version | grep "${KUSTOMIZE_VERSION}"
 
-USER 1000
+USER 12021
 
 RUN bazel --version
 

test/nix/Dockerfile

@@ -31,7 +31,7 @@ ARG CONTAINERBASE_CDN
 ARG CONTAINERBASE_DEBUG
 ARG CONTAINERBASE_LOG_LEVEL
 
-COPY --chown=1000:0 test/nix/test test
+COPY --chown=12021:0 test/nix/test test
 WORKDIR /test
 
 #--------------------------------------
@@ -42,7 +42,7 @@ FROM base AS testa
 # old nix version, not for renovating
 RUN install-tool nix 2.10.3
 
-USER 1000
+USER 12021
 
 RUN set -ex; \
   nix --version
@@ -54,7 +54,7 @@ RUN set -ex; \
     --extra-experimental-features flakes \
     eval --raw --file flake.nix inputs.nixpkgs.url
 
-RUN --mount=type=secret,id=GITHUB_TOKEN,uid=1000 \
+RUN --mount=type=secret,id=GITHUB_TOKEN,uid=12021 \
   set -ex; \
   [ -f /run/secrets/GITHUB_TOKEN ] && export NIX_CONFIG="access-tokens = github.com=$(cat /run/secrets/GITHUB_TOKEN)"; \
   nix \
@@ -68,7 +68,7 @@ RUN --mount=type=secret,id=GITHUB_TOKEN,uid=1000 \
 FROM base AS testb
 
 
-USER 1000
+USER 12021
 
 # renovate: datasource=github-tags packageName=NixOS/nix
 RUN install-tool nix 2.24.9
@@ -83,7 +83,7 @@ RUN set -ex; \
     eval --raw --file flake.nix inputs.nixpkgs.url
 
 
-RUN --mount=type=secret,id=GITHUB_TOKEN,uid=1000 \
+RUN --mount=type=secret,id=GITHUB_TOKEN,uid=12021 \
   set -ex; \
   [ -f /run/secrets/GITHUB_TOKEN ] && export NIX_CONFIG="access-tokens = github.com=$(cat /run/secrets/GITHUB_TOKEN)"; \
   nix \