From a8af028aa9c6b2abb791fab062b4486c68a6a875 Mon Sep 17 00:00:00 2001
From: Daniel Gibbs <me@danielgibbs.co.uk>
Date: Fri, 15 Aug 2025 20:21:52 +0100
Subject: [PATCH 1/6] feat(docker): add configurable user and group IDs for
 non-root user (#80)

* Introduced `ARG PUID` and `ARG PGID` to allow customization of user and group IDs.
* Updated user creation command to use these arguments for better flexibility.
---
 Dockerfile.ubuntu-2004 | 7 +++++--
 Dockerfile.ubuntu-2204 | 7 +++++--
 Dockerfile.ubuntu-2404 | 5 ++++-
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/Dockerfile.ubuntu-2004 b/Dockerfile.ubuntu-2004
index 9e694cf..2159d38 100644
--- a/Dockerfile.ubuntu-2004
+++ b/Dockerfile.ubuntu-2004
@@ -1,6 +1,8 @@
 FROM ubuntu:20.04
 
 ARG DEBIAN_FRONTEND=noninteractive
+ARG PUID=1000
+ARG PGID=1000
 ARG BUILD_DATE
 ARG VCS_REF
 
@@ -34,8 +36,9 @@ RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
 
-# Create non-root user
-RUN useradd -m -d /home/steam -s /bin/bash steam \
+# Create non-root user/group with configurable IDs
+RUN groupadd -g "${PGID}" steam \
+  && useradd -l -u "${PUID}" -g steam -m -d /home/steam -s /bin/bash steam \
   && mkdir -p /home/steam/Steam \
   && chown -R steam:steam /home/steam
 USER steam
diff --git a/Dockerfile.ubuntu-2204 b/Dockerfile.ubuntu-2204
index 03d2f75..abecfe7 100644
--- a/Dockerfile.ubuntu-2204
+++ b/Dockerfile.ubuntu-2204
@@ -1,6 +1,8 @@
 FROM ubuntu:22.04
 
 ARG DEBIAN_FRONTEND=noninteractive
+ARG PUID=1000
+ARG PGID=1000
 ARG BUILD_DATE
 ARG VCS_REF
 
@@ -34,8 +36,9 @@ RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
 
-# Create non-root user
-RUN useradd -m -d /home/steam -s /bin/bash steam \
+# Create non-root user/group with configurable IDs
+RUN groupadd -g "${PGID}" steam \
+  && useradd -l -u "${PUID}" -g steam -m -d /home/steam -s /bin/bash steam \
   && mkdir -p /home/steam/Steam \
   && chown -R steam:steam /home/steam
 USER steam
diff --git a/Dockerfile.ubuntu-2404 b/Dockerfile.ubuntu-2404
index decbfb5..8af22a2 100644
--- a/Dockerfile.ubuntu-2404
+++ b/Dockerfile.ubuntu-2404
@@ -1,6 +1,8 @@
 FROM ubuntu:24.04
 
 ARG DEBIAN_FRONTEND=noninteractive
+ARG PUID=1000
+ARG PGID=1000
 ARG BUILD_DATE
 ARG VCS_REF
 
@@ -35,7 +37,8 @@ ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
 
 # Create non-root user
-RUN useradd -m -d /home/steam -s /bin/bash steam \
+RUN groupadd -g "${PGID}" steam \
+  && useradd -l -u "${PUID}" -g steam -m -d /home/steam -s /bin/bash steam \
   && mkdir -p /home/steam/Steam \
   && chown -R steam:steam /home/steam
 USER steam

From ffd612e92e1647f7fac4d9f17f6a2f2bc57c5f71 Mon Sep 17 00:00:00 2001
From: Daniel Gibbs <me@danielgibbs.co.uk>
Date: Fri, 15 Aug 2025 19:41:37 +0000
Subject: [PATCH 2/6] refactor(dockerfiles): remove non-root user creation
 removed steam user as could cause issues with upstream containers

---
 Dockerfile.ubuntu-2004 | 7 -------
 Dockerfile.ubuntu-2204 | 7 -------
 Dockerfile.ubuntu-2404 | 7 -------
 3 files changed, 21 deletions(-)

diff --git a/Dockerfile.ubuntu-2004 b/Dockerfile.ubuntu-2004
index 9e694cf..9b38db1 100644
--- a/Dockerfile.ubuntu-2004
+++ b/Dockerfile.ubuntu-2004
@@ -34,13 +34,6 @@ RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
 
-# Create non-root user
-RUN useradd -m -d /home/steam -s /bin/bash steam \
-  && mkdir -p /home/steam/Steam \
-  && chown -R steam:steam /home/steam
-USER steam
-WORKDIR /home/steam
-
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]
 
diff --git a/Dockerfile.ubuntu-2204 b/Dockerfile.ubuntu-2204
index 03d2f75..3b8c2c3 100644
--- a/Dockerfile.ubuntu-2204
+++ b/Dockerfile.ubuntu-2204
@@ -34,13 +34,6 @@ RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
 
-# Create non-root user
-RUN useradd -m -d /home/steam -s /bin/bash steam \
-  && mkdir -p /home/steam/Steam \
-  && chown -R steam:steam /home/steam
-USER steam
-WORKDIR /home/steam
-
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]
 
diff --git a/Dockerfile.ubuntu-2404 b/Dockerfile.ubuntu-2404
index decbfb5..67135f1 100644
--- a/Dockerfile.ubuntu-2404
+++ b/Dockerfile.ubuntu-2404
@@ -34,13 +34,6 @@ RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
 
-# Create non-root user
-RUN useradd -m -d /home/steam -s /bin/bash steam \
-  && mkdir -p /home/steam/Steam \
-  && chown -R steam:steam /home/steam
-USER steam
-WORKDIR /home/steam
-
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]
 

From bbc8f143f543971d303fb9566b8fed7c1e0a0c4e Mon Sep 17 00:00:00 2001
From: Daniel Gibbs <me@danielgibbs.co.uk>
Date: Fri, 15 Aug 2025 19:58:45 +0000
Subject: [PATCH 3/6] refactor(dockerfiles): improve package installation
 formatting

* Split `apt-get install` command into multiple lines for better readability.
* Updated package list to ensure compatibility with the latest dependencies.
* Removed commented-out health check for cleaner Dockerfile.
---
 Dockerfile.ubuntu-2004 | 11 +++++++----
 Dockerfile.ubuntu-2204 | 11 +++++++----
 Dockerfile.ubuntu-2404 | 11 +++++++----
 3 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/Dockerfile.ubuntu-2004 b/Dockerfile.ubuntu-2004
index 2d1148f..9811b86 100644
--- a/Dockerfile.ubuntu-2004
+++ b/Dockerfile.ubuntu-2004
@@ -24,7 +24,13 @@ RUN echo "**** Install SteamCMD ****" \
   && echo steam steam/license note '' | debconf-set-selections \
   && dpkg --add-architecture i386 \
   && apt-get update \
-  && apt-get install -y --no-install-recommends ca-certificates locales lib32gcc1 libsdl2-2.0-0:i386 tzdata steamcmd \
+  && apt-get install -y --no-install-recommends \
+  ca-certificates \
+  locales \
+  lib32gcc-s1 \
+  libsdl2-2.0-0:i386 \
+  tzdata \
+  steamcmd \
   && ln -s /usr/games/steamcmd /usr/bin/steamcmd \
   && apt-get -y autoremove \
   && apt-get -y clean \
@@ -38,6 +44,3 @@ ENV LANGUAGE=en_US:en
 
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]
-
-# Basic health check: run a no-op steamcmd help then quit
-HEALTHCHECK --interval=30m --timeout=30s --start-period=30s --retries=3 CMD steamcmd +login anonymous +app_info_update 1 +quit > /dev/null 2>&1 || exit 1
diff --git a/Dockerfile.ubuntu-2204 b/Dockerfile.ubuntu-2204
index dd1bd12..58a2f4c 100644
--- a/Dockerfile.ubuntu-2204
+++ b/Dockerfile.ubuntu-2204
@@ -24,7 +24,13 @@ RUN echo "**** Install SteamCMD ****" \
   && echo steam steam/license note '' | debconf-set-selections \
   && dpkg --add-architecture i386 \
   && apt-get update \
-  && apt-get install -y --no-install-recommends ca-certificates locales lib32gcc-s1 libsdl2-2.0-0:i386 tzdata steamcmd \
+  && apt-get install -y --no-install-recommends \
+  ca-certificates \
+  locales \
+  lib32gcc-s1 \
+  libsdl2-2.0-0:i386 \
+  tzdata \
+  steamcmd \
   && ln -s /usr/games/steamcmd /usr/bin/steamcmd \
   && apt-get -y autoremove \
   && apt-get -y clean \
@@ -38,6 +44,3 @@ ENV LANGUAGE=en_US:en
 
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]
-
-# Basic health check: run a no-op steamcmd help then quit
-HEALTHCHECK --interval=30m --timeout=30s --start-period=30s --retries=3 CMD steamcmd +login anonymous +app_info_update 1 +quit > /dev/null 2>&1 || exit 1
diff --git a/Dockerfile.ubuntu-2404 b/Dockerfile.ubuntu-2404
index 1ad2484..9bb3d73 100644
--- a/Dockerfile.ubuntu-2404
+++ b/Dockerfile.ubuntu-2404
@@ -24,7 +24,13 @@ RUN echo "**** Install SteamCMD ****" \
   && echo steam steam/license note '' | debconf-set-selections \
   && dpkg --add-architecture i386 \
   && apt-get update \
-  && apt-get install -y --no-install-recommends ca-certificates locales lib32gcc-s1 libsdl2-2.0-0:i386 tzdata steamcmd \
+  && apt-get install -y --no-install-recommends \
+  ca-certificates \
+  locales \
+  lib32gcc-s1 \
+  libsdl2-2.0-0:i386 \
+  tzdata \
+  steamcmd \
   && ln -s /usr/games/steamcmd /usr/bin/steamcmd \
   && apt-get -y autoremove \
   && apt-get -y clean \
@@ -38,6 +44,3 @@ ENV LANGUAGE=en_US:en
 
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]
-
-# Basic health check: run a no-op steamcmd help then quit
-HEALTHCHECK --interval=30m --timeout=30s --start-period=30s --retries=3 CMD steamcmd +login anonymous +app_info_update 1 +quit > /dev/null 2>&1 || exit 1

From 867d487684ed1da46464510550c6af4433b88578 Mon Sep 17 00:00:00 2001
From: Daniel Gibbs <me@danielgibbs.co.uk>
Date: Fri, 15 Aug 2025 20:16:53 +0000
Subject: [PATCH 4/6] refactor(dockerfiles): optimize locale generation in
 Dockerfiles

* Moved `locale-gen en_US.UTF-8` command into the main installation RUN command for efficiency.
* Removed redundant `RUN locale-gen` lines to streamline the Dockerfile.
---
 Dockerfile.ubuntu-2004 | 3 +--
 Dockerfile.ubuntu-2204 | 3 +--
 Dockerfile.ubuntu-2404 | 3 +--
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/Dockerfile.ubuntu-2004 b/Dockerfile.ubuntu-2004
index 9811b86..4642684 100644
--- a/Dockerfile.ubuntu-2004
+++ b/Dockerfile.ubuntu-2004
@@ -32,15 +32,14 @@ RUN echo "**** Install SteamCMD ****" \
   tzdata \
   steamcmd \
   && ln -s /usr/games/steamcmd /usr/bin/steamcmd \
+  && locale-gen en_US.UTF-8 \
   && apt-get -y autoremove \
   && apt-get -y clean \
   && rm -rf /usr/share/man /usr/share/doc /usr/share/info /usr/share/lintian /usr/share/locale/* \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add unicode support
-RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US:en
 
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]
diff --git a/Dockerfile.ubuntu-2204 b/Dockerfile.ubuntu-2204
index 58a2f4c..ee5eaad 100644
--- a/Dockerfile.ubuntu-2204
+++ b/Dockerfile.ubuntu-2204
@@ -32,15 +32,14 @@ RUN echo "**** Install SteamCMD ****" \
   tzdata \
   steamcmd \
   && ln -s /usr/games/steamcmd /usr/bin/steamcmd \
+  && locale-gen en_US.UTF-8 \
   && apt-get -y autoremove \
   && apt-get -y clean \
   && rm -rf /usr/share/man /usr/share/doc /usr/share/info /usr/share/lintian /usr/share/locale/* \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add unicode support
-RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US:en
 
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]
diff --git a/Dockerfile.ubuntu-2404 b/Dockerfile.ubuntu-2404
index 9bb3d73..26bbfbb 100644
--- a/Dockerfile.ubuntu-2404
+++ b/Dockerfile.ubuntu-2404
@@ -32,15 +32,14 @@ RUN echo "**** Install SteamCMD ****" \
   tzdata \
   steamcmd \
   && ln -s /usr/games/steamcmd /usr/bin/steamcmd \
+  && locale-gen en_US.UTF-8 \
   && apt-get -y autoremove \
   && apt-get -y clean \
   && rm -rf /usr/share/man /usr/share/doc /usr/share/info /usr/share/lintian /usr/share/locale/* \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add unicode support
-RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US:en
 
 ENTRYPOINT ["steamcmd"]
 CMD ["+help", "+quit"]

From 7fb4bf13fadb02b150ef965a001b54e3afaa76fa Mon Sep 17 00:00:00 2001
From: Daniel Gibbs <me@danielgibbs.co.uk>
Date: Fri, 15 Aug 2025 20:20:20 +0000
Subject: [PATCH 5/6] feat(checkov): add initial configuration for skip-check
 rules

* Introduced `.checkov.yml` to define skip-check rules for Docker.
* This configuration skips checks CKV_DOCKER_2 and CKV_DOCKER_3.
---
 .checkov.yml | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .checkov.yml

diff --git a/.checkov.yml b/.checkov.yml
new file mode 100644
index 0000000..26dc84c
--- /dev/null
+++ b/.checkov.yml
@@ -0,0 +1,3 @@
+skip-check:
+  - CKV_DOCKER_2
+  - CKV_DOCKER_3

From 5fbf06b1b40832910b9ab9d7790e8cf466916b2c Mon Sep 17 00:00:00 2001
From: Daniel Gibbs <me@danielgibbs.co.uk>
Date: Fri, 15 Aug 2025 21:49:49 +0000
Subject: [PATCH 6/6] feat(dockerfiles): remove ubuntu user from 24.04 docker
 image

* Removed `ARG PUID` and `ARG PGID` from Dockerfiles for Ubuntu 20.04, 22.04, and 24.04.
* Added a step to remove the default `ubuntu` user in Dockerfile for Ubuntu 24.04.
---
 Dockerfile.ubuntu-2004 | 2 --
 Dockerfile.ubuntu-2204 | 2 --
 Dockerfile.ubuntu-2404 | 5 +++--
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/Dockerfile.ubuntu-2004 b/Dockerfile.ubuntu-2004
index 4642684..42a704e 100644
--- a/Dockerfile.ubuntu-2004
+++ b/Dockerfile.ubuntu-2004
@@ -1,8 +1,6 @@
 FROM ubuntu:20.04
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG PUID=1000
-ARG PGID=1000
 ARG BUILD_DATE
 ARG VCS_REF
 
diff --git a/Dockerfile.ubuntu-2204 b/Dockerfile.ubuntu-2204
index ee5eaad..695acc1 100644
--- a/Dockerfile.ubuntu-2204
+++ b/Dockerfile.ubuntu-2204
@@ -1,8 +1,6 @@
 FROM ubuntu:22.04
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG PUID=1000
-ARG PGID=1000
 ARG BUILD_DATE
 ARG VCS_REF
 
diff --git a/Dockerfile.ubuntu-2404 b/Dockerfile.ubuntu-2404
index 26bbfbb..92b94bb 100644
--- a/Dockerfile.ubuntu-2404
+++ b/Dockerfile.ubuntu-2404
@@ -1,8 +1,9 @@
 FROM ubuntu:24.04
 
+## Remove ubuntu user added in 24.04 by default
+RUN touch /var/mail/ubuntu && chown ubuntu /var/mail/ubuntu && userdel -r ubuntu
+
 ARG DEBIAN_FRONTEND=noninteractive
-ARG PUID=1000
-ARG PGID=1000
 ARG BUILD_DATE
 ARG VCS_REF