Optimize layers in runtime-deps images (#4616)

eng/dockerfile-templates/aspnet/Dockerfile.envs

@@ -1,6 +1,15 @@
 {{
+    _ ARGS:
+        is-composite-runtime (optional): Whether to include the runtime version ^
+
     set dotnetVersion to join(slice(split(PRODUCT_VERSION, "."), 0, 2), ".") ^
     set isWindows to find(OS_VERSION, "nanoserver") >= 0 || find(OS_VERSION, "windowsservercore") >= 0 ^
-    set lineContinuation to when(isWindows, "`", "\")
-}}# ASP.NET Core version
-ENV ASPNET_VERSION={{VARIABLES[cat("aspnet|", dotnetVersion, "|build-version")]}}
+    set lineContinuation to when(isWindows, "`", "\") ^
+    set aspnetComment to "# ASP.NET Core version"
+}}{{if ARGS["is-composite-runtime"]:ENV {{lineContinuation}}
+    # .NET Runtime version
+    DOTNET_VERSION={{VARIABLES[cat("runtime|", dotnetVersion, "|build-version")]}} {{lineContinuation}}
+    {{aspnetComment}}
+    ASPNET_VERSION={{VARIABLES[cat("aspnet|", dotnetVersion, "|build-version")]}}
+^else:{{aspnetComment}}
+ENV ASPNET_VERSION={{VARIABLES[cat("aspnet|", dotnetVersion, "|build-version")]}}}}

eng/dockerfile-templates/aspnet/Dockerfile.linux-composite

@@ -26,8 +26,7 @@
 {{ if isAlpine:
 {{InsertTemplate("../Dockerfile.alpine.invariant-mode")}}
 }}
-{{InsertTemplate("../runtime/Dockerfile.envs")}}
-{{InsertTemplate("Dockerfile.envs")}}
+{{InsertTemplate("Dockerfile.envs", [ "is-composite-runtime": "true" ])}}
 
 # Install ASP.NET Composite Runtime
 {{InsertTemplate("../runtime/Dockerfile.linux.install-runtime",

eng/dockerfile-templates/runtime-deps/Dockerfile

@@ -26,7 +26,12 @@
     set gid to uid
 }}{{
     if !isSingleStage:# Installer image
-}}FROM {{baseImageRepo}}:{{baseImageTag}}{{if !isSingleStage: AS installer}}{{ if isInternal && isRpmInstall:
+}}FROM {{baseImageRepo}}:{{baseImageTag}}
+
+{{InsertTemplate("../Dockerfile.common-dotnet-envs", [
+    "uid": uid
+])}}
+{{if !isSingleStage: AS installer}}{{ if isInternal && isRpmInstall:
 
 ARG SAS_QUERY_STRING
 
@@ -37,9 +42,7 @@ RUN {{InsertTemplate("Dockerfile.download-runtime-deps-pkg",
         "is-internal": isInternal
     ], "    ")}}}}
 {{if isRpmInstall && isInternal:FROM {{baseImageRepo}}:{{baseImageTag}}
-}}
-RUN {{InsertTemplate("../Dockerfile.linux.install-deps")}}
-{{ if isRpmInstall:
+}}RUN {{InsertTemplate("../Dockerfile.linux.install-deps")}}{{ if isRpmInstall:
 {{if isInternal:{{InsertTemplate("../Dockerfile.linux.copy-files",
 [
     "files": [
@@ -49,23 +52,16 @@ RUN {{InsertTemplate("../Dockerfile.linux.install-deps")}}
     ],
     "srcStage": "installer",
     "destination": ""
-])}}
-}}{{InsertTemplate("Dockerfile.install-runtime-deps-pkg",
+])}}}}
+{{InsertTemplate("Dockerfile.install-runtime-deps-pkg",
     [
         "skip-download": isInternal
         "url-suffix": urlSuffix,
         "filename": rpmFilename
-    ])}}
-}}{{if dotnetVersion != "6.0" && dotnetVersion != "7.0":
+    ])}}}}{{if dotnetVersion != "6.0" && dotnetVersion != "7.0":
 # Create a non-root user and group
 RUN {{InsertTemplate("Dockerfile.linux.non-root-user",
     [
         "name": username,
-        "uid": uid,
-        "gid": gid,
         "append-cmd": len(utilPkgs) > 0
-    ])}}
-}}
-{{InsertTemplate("../Dockerfile.common-dotnet-envs", [
-    "uid": uid
-])}}
+    ])}}}}

eng/dockerfile-templates/runtime-deps/Dockerfile.chiseled-ubuntu

@@ -5,6 +5,7 @@
     set uid to 64198 ^
     set gid to uid
 }}FROM {{ARCH_VERSIONED}}/golang:1.18 as chisel
+
 RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel
 WORKDIR /opt/chisel
 RUN go generate internal/deb/version.go \

eng/dockerfile-templates/runtime-deps/Dockerfile.distroless-mariner

@@ -60,13 +60,13 @@ RUN rm -rf {{distrolessStagingDir}}/etc/{{when(find(OS_VERSION, "1.0") >= 0, "dn
 # .NET runtime-deps image
 FROM {{baseImage}}
 
+{{InsertTemplate("../Dockerfile.common-dotnet-envs", [
+    "uid": uid
+])}}
+
 COPY --from=installer {{distrolessStagingDir}}/ /{{if createUserHome:
 
 # Workaround for https://github.com/moby/moby/issues/38710
 COPY --from=installer --chown={{uid}}:{{gid}} {{distrolessStagingDir}}/home/{{username}} /home/{{username}}}}
 
-{{InsertTemplate("../Dockerfile.common-dotnet-envs", [
-    "uid": uid
-])}}
-
 USER app

eng/dockerfile-templates/runtime-deps/Dockerfile.linux.distroless-user

@@ -2,24 +2,26 @@
     _ Configures the app user and group for distroless containers
     _ ARGS:
         staging-dir: Path to the distroless staging directory
+        name: Name of the user/group to create
         create-dir (optional): Indicates whether the etc directory should be created in staging
         exclusive (optional): Indicates whether the app user is the only user and all other users are removed
-        name: Name of the user/group to create
-        uid: ID of the user to be created
-        gid: ID of the group to be created
+        uid: (optional) ID of the user to be created, $APP_UID by default
+        gid: (optional) ID of the group to be created, same as uid by default
         no-create-home (optional): Indicates whether a home directory should be created for the user ^
     set dotnetVersion to join(slice(split(PRODUCT_VERSION, "."), 0, 2), ".") ^
     set isMariner to find(OS_VERSION, "cbl-mariner") >= 0 ^
-    set isAlpine to find(OS_VERSION, "alpine") >= 0
+    set isAlpine to find(OS_VERSION, "alpine") >= 0 ^
+    set uid to when(len(ARGS["uid"]) > 0, ARGS["uid"], "$APP_UID") ^
+    set gid to when(len(ARGS["gid"]) > 0, ARGS["gid"], uid)
 }}{{InsertTemplate("Dockerfile.linux.non-root-user",
 [
     "name": ARGS["name"],
-    "uid": ARGS["uid"],
-    "gid": ARGS["gid"],
+    "uid": uid,
+    "gid": gid,
     "no-create-home": ARGS["no-create-home"],
     "no-shell": "true"
 ])}} \{{if !ARGS["no-create-home"]:
-    && install -d -m 0755 -o {{ARGS["uid"]}} -g {{ARGS["gid"]}} "{{ARGS["staging-dir"]}}/home/{{ARGS["name"]}}" \}}{{
+    && install -d -m 0755 -o {{uid}} -g {{gid}} "{{ARGS["staging-dir"]}}/home/{{ARGS["name"]}}" \}}{{
     if ARGS["exclusive"]:{{if ARGS["create-dir"]:
     && mkdir -p "{{ARGS["staging-dir"]}}/etc" \}}
     && rootOrAppRegex='@^\(root\|app\):' \

eng/dockerfile-templates/runtime-deps/Dockerfile.linux.non-root-user

@@ -2,8 +2,8 @@
     _ Configures a non-root user
     _ ARGS:
         name: Name of the user/group to create
-        uid: ID of the user to be created
-        gid: ID of the group to be created
+        gid (optional): ID of the group to be created
+        uid (optional): ID of the user to be created
         no-create-home (optional): Indicates whether a home directory should be created for the user
         no-shell (optional): Indicates whether the shell should be set to /bin/false ^
     set dotnetVersion to join(slice(split(PRODUCT_VERSION, "."), 0, 2), ".") ^
@@ -14,6 +14,8 @@
     set isDistrolessMariner to defined(match(OS_VERSION, "^cbl-mariner\d+\.\d+-distroless$")) ^
     set isChiseledUbuntu to find(OS_VERSION, "chiseled") >= 0 ^
     set addUserCommand to when(isDebian || isUbuntu || isMariner, "useradd -l", "adduser") ^
+    set uid to when(len(ARGS["uid"]) > 0, ARGS["uid"], "$APP_UID") ^
+    set gid to when(len(ARGS["gid"]) > 0, ARGS["gid"], "$APP_UID") ^
     set utilPkgs to when(isMariner && !isDistrolessMariner && dotnetVersion != "6.0" && dotnetVersion != "7.0", ["shadow-utils"], [])
 }}{{if len(utilPkgs) > 0:{{InsertTemplate("../Dockerfile.linux.install-pkgs", [
         "pkgs": utilPkgs,
@@ -21,11 +23,11 @@
     ])}}
     && }}{{if isAlpine:addgroup^else:groupadd}} \
         --system \
-        --gid={{ARGS["gid"]}} \
+        --gid={{gid}} \
         {{ARGS["name"]}} \
     && {{addUserCommand}} \
-        --uid {{ARGS["uid"]}} \
-        {{if isAlpine:--ingroup={{ARGS["name"]}}^else:--gid {{ARGS["gid"]}}}} \{{if ARGS["no-shell"]:
+        --uid={{uid}} \
+        {{if isAlpine:--ingroup={{ARGS["name"]}}^else:--gid={{gid}}}} \{{if ARGS["no-shell"]:
         --shell /bin/false \}}{{if ARGS["no-create-home"]:
         --no-create-home \^elif dotnetVersion != "6.0" && dotnetVersion != "7.0" && (find(addUserCommand, "useradd") >= 0) && !isChiseledUbuntu:
         --create-home \}}

src/aspnet/8.0/alpine3.17-composite/amd64/Dockerfile

@@ -4,10 +4,12 @@ FROM $REPO:8.0.0-preview.4-alpine3.17-amd64
 # .NET globalization APIs will use invariant mode by default because DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true is set
 # by the base runtime-deps image. See https://aka.ms/dotnet-globalization-alpine-containers for more information.
 
-# .NET Runtime version
-ENV DOTNET_VERSION=8.0.0-preview.4.23259.5
-# ASP.NET Core version
-ENV ASPNET_VERSION=8.0.0-preview.4.23260.4
+ENV \
+    # .NET Runtime version
+    DOTNET_VERSION=8.0.0-preview.4.23259.5 \
+    # ASP.NET Core version
+    ASPNET_VERSION=8.0.0-preview.4.23260.4
+
 
 # Install ASP.NET Composite Runtime
 RUN wget -O dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/aspnetcore/Runtime/$ASPNET_VERSION/aspnetcore-runtime-composite-$ASPNET_VERSION-linux-musl-x64.tar.gz \

src/aspnet/8.0/alpine3.17-composite/arm32v7/Dockerfile

@@ -4,10 +4,12 @@ FROM $REPO:8.0.0-preview.4-alpine3.17-arm32v7
 # .NET globalization APIs will use invariant mode by default because DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true is set
 # by the base runtime-deps image. See https://aka.ms/dotnet-globalization-alpine-containers for more information.
 
-# .NET Runtime version
-ENV DOTNET_VERSION=8.0.0-preview.4.23259.5
-# ASP.NET Core version
-ENV ASPNET_VERSION=8.0.0-preview.4.23260.4
+ENV \
+    # .NET Runtime version
+    DOTNET_VERSION=8.0.0-preview.4.23259.5 \
+    # ASP.NET Core version
+    ASPNET_VERSION=8.0.0-preview.4.23260.4
+
 
 # Install ASP.NET Composite Runtime
 RUN wget -O dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/aspnetcore/Runtime/$ASPNET_VERSION/aspnetcore-runtime-composite-$ASPNET_VERSION-linux-musl-arm.tar.gz \

src/aspnet/8.0/alpine3.17-composite/arm64v8/Dockerfile

@@ -4,10 +4,12 @@ FROM $REPO:8.0.0-preview.4-alpine3.17-arm64v8
 # .NET globalization APIs will use invariant mode by default because DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true is set
 # by the base runtime-deps image. See https://aka.ms/dotnet-globalization-alpine-containers for more information.
 
-# .NET Runtime version
-ENV DOTNET_VERSION=8.0.0-preview.4.23259.5
-# ASP.NET Core version
-ENV ASPNET_VERSION=8.0.0-preview.4.23260.4
+ENV \
+    # .NET Runtime version
+    DOTNET_VERSION=8.0.0-preview.4.23259.5 \
+    # ASP.NET Core version
+    ASPNET_VERSION=8.0.0-preview.4.23260.4
+
 
 # Install ASP.NET Composite Runtime
 RUN wget -O dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/aspnetcore/Runtime/$ASPNET_VERSION/aspnetcore-runtime-composite-$ASPNET_VERSION-linux-musl-arm64.tar.gz \

src/runtime-deps/6.0/alpine3.17/amd64/Dockerfile

@@ -1,5 +1,13 @@
 FROM amd64/alpine:3.17
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true \
+    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
+    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
+
 RUN apk add --no-cache \
         ca-certificates \
         \
@@ -10,11 +18,3 @@ RUN apk add --no-cache \
         libssl3 \
         libstdc++ \
         zlib
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true \
-    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
-    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true

src/runtime-deps/6.0/alpine3.17/arm32v7/Dockerfile

@@ -1,5 +1,13 @@
 FROM arm32v7/alpine:3.17
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true \
+    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
+    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
+
 RUN apk add --no-cache \
         ca-certificates \
         \
@@ -10,11 +18,3 @@ RUN apk add --no-cache \
         libssl3 \
         libstdc++ \
         zlib
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true \
-    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
-    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true

src/runtime-deps/6.0/alpine3.17/arm64v8/Dockerfile

@@ -1,5 +1,13 @@
 FROM arm64v8/alpine:3.17
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true \
+    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
+    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
+
 RUN apk add --no-cache \
         ca-certificates \
         \
@@ -10,11 +18,3 @@ RUN apk add --no-cache \
         libssl3 \
         libstdc++ \
         zlib
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true \
-    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
-    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true

src/runtime-deps/6.0/bullseye-slim/amd64/Dockerfile

@@ -1,5 +1,11 @@
 FROM amd64/debian:bullseye-slim
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/bullseye-slim/arm32v7/Dockerfile

@@ -1,5 +1,11 @@
 FROM arm32v7/debian:bullseye-slim
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/bullseye-slim/arm64v8/Dockerfile

@@ -1,5 +1,11 @@
 FROM arm64v8/debian:bullseye-slim
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/cbl-mariner1.0-distroless/amd64/Dockerfile

@@ -26,8 +26,8 @@ RUN groupadd \
         --gid=1000 \
         app \
     && useradd -l \
-        --uid 1000 \
-        --gid 1000 \
+        --uid=1000 \
+        --gid=1000 \
         --shell /bin/false \
         --no-create-home \
         --system \
@@ -49,12 +49,12 @@ RUN rm -rf /staging/etc/dnf \
 # .NET runtime-deps image
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:1.0
 
-COPY --from=installer /staging/ /
-
 ENV \
     # Configure web servers to bind to port 8080 when present
     ASPNETCORE_URLS=http://+:8080 \
     # Enable detection of running in a container
     DOTNET_RUNNING_IN_CONTAINER=true
 
+COPY --from=installer /staging/ /
+
 USER app

src/runtime-deps/6.0/cbl-mariner1.0/amd64/Dockerfile

@@ -1,5 +1,11 @@
 FROM mcr.microsoft.com/cbl-mariner/base/core:1.0
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN tdnf install -y \
         ca-certificates \
         \
@@ -20,9 +26,3 @@ RUN dotnet_version=6.0.16 \
     && echo "$dotnet_sha512  dotnet-runtime-deps.rpm" | sha512sum -c - \
     && rpm --install dotnet-runtime-deps.rpm \
     && rm dotnet-runtime-deps.rpm
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/cbl-mariner2.0-distroless/amd64/Dockerfile

@@ -35,8 +35,8 @@ RUN groupadd \
         --gid=101 \
         app \
     && useradd -l \
-        --uid 101 \
-        --gid 101 \
+        --uid=101 \
+        --gid=101 \
         --shell /bin/false \
         --no-create-home \
         --system \
@@ -58,8 +58,6 @@ RUN rm -rf /staging/etc/tdnf \
 # .NET runtime-deps image
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
 
-COPY --from=installer /staging/ /
-
 ENV \
     # Configure web servers to bind to port 8080 when present
     ASPNETCORE_URLS=http://+:8080 \
@@ -68,4 +66,6 @@ ENV \
     # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
     DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
 
+COPY --from=installer /staging/ /
+
 USER app

src/runtime-deps/6.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile

@@ -35,8 +35,8 @@ RUN groupadd \
         --gid=101 \
         app \
     && useradd -l \
-        --uid 101 \
-        --gid 101 \
+        --uid=101 \
+        --gid=101 \
         --shell /bin/false \
         --no-create-home \
         --system \
@@ -58,8 +58,6 @@ RUN rm -rf /staging/etc/tdnf \
 # .NET runtime-deps image
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
 
-COPY --from=installer /staging/ /
-
 ENV \
     # Configure web servers to bind to port 8080 when present
     ASPNETCORE_URLS=http://+:8080 \
@@ -68,4 +66,6 @@ ENV \
     # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
     DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
 
+COPY --from=installer /staging/ /
+
 USER app

src/runtime-deps/6.0/cbl-mariner2.0/amd64/Dockerfile

@@ -1,5 +1,11 @@
 FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN tdnf install -y \
         ca-certificates \
         \
@@ -20,9 +26,3 @@ RUN dotnet_version=6.0.16 \
     && echo "$dotnet_sha512  dotnet-runtime-deps.rpm" | sha512sum -c - \
     && tdnf install -y --disablerepo=* dotnet-runtime-deps.rpm \
     && rm dotnet-runtime-deps.rpm
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/cbl-mariner2.0/arm64v8/Dockerfile

@@ -1,5 +1,11 @@
 FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN tdnf install -y \
         ca-certificates \
         \
@@ -20,9 +26,3 @@ RUN dotnet_version=6.0.16 \
     && echo "$dotnet_sha512  dotnet-runtime-deps.rpm" | sha512sum -c - \
     && tdnf install -y --disablerepo=* dotnet-runtime-deps.rpm \
     && rm dotnet-runtime-deps.rpm
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/focal/amd64/Dockerfile

@@ -1,5 +1,11 @@
 FROM ubuntu.azurecr.io/ubuntu:focal
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/focal/arm32v7/Dockerfile

@@ -1,5 +1,11 @@
 FROM ubuntu.azurecr.io/ubuntu:focal
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/focal/arm64v8/Dockerfile

@@ -1,5 +1,11 @@
 FROM ubuntu.azurecr.io/ubuntu:focal
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/jammy/amd64/Dockerfile

@@ -1,5 +1,11 @@
 FROM ubuntu.azurecr.io/ubuntu:jammy
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/jammy/arm32v7/Dockerfile

@@ -1,5 +1,11 @@
 FROM ubuntu.azurecr.io/ubuntu:jammy
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/6.0/jammy/arm64v8/Dockerfile

@@ -1,5 +1,11 @@
 FROM ubuntu.azurecr.io/ubuntu:jammy
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,9 +19,3 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/7.0/cbl-mariner2.0-distroless/amd64/Dockerfile

@@ -35,8 +35,8 @@ RUN groupadd \
         --gid=101 \
         app \
     && useradd -l \
-        --uid 101 \
-        --gid 101 \
+        --uid=101 \
+        --gid=101 \
         --shell /bin/false \
         --system \
         app \
@@ -58,11 +58,6 @@ RUN rm -rf /staging/etc/tdnf \
 # .NET runtime-deps image
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
 
-COPY --from=installer /staging/ /
-
-# Workaround for https://github.com/moby/moby/issues/38710
-COPY --from=installer --chown=101:101 /staging/home/app /home/app
-
 ENV \
     # Configure web servers to bind to port 8080 when present
     ASPNETCORE_URLS=http://+:8080 \
@@ -71,4 +66,9 @@ ENV \
     # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
     DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
 
+COPY --from=installer /staging/ /
+
+# Workaround for https://github.com/moby/moby/issues/38710
+COPY --from=installer --chown=101:101 /staging/home/app /home/app
+
 USER app

src/runtime-deps/7.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile

@@ -35,8 +35,8 @@ RUN groupadd \
         --gid=101 \
         app \
     && useradd -l \
-        --uid 101 \
-        --gid 101 \
+        --uid=101 \
+        --gid=101 \
         --shell /bin/false \
         --system \
         app \
@@ -58,11 +58,6 @@ RUN rm -rf /staging/etc/tdnf \
 # .NET runtime-deps image
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
 
-COPY --from=installer /staging/ /
-
-# Workaround for https://github.com/moby/moby/issues/38710
-COPY --from=installer --chown=101:101 /staging/home/app /home/app
-
 ENV \
     # Configure web servers to bind to port 8080 when present
     ASPNETCORE_URLS=http://+:8080 \
@@ -71,4 +66,9 @@ ENV \
     # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
     DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
 
+COPY --from=installer /staging/ /
+
+# Workaround for https://github.com/moby/moby/issues/38710
+COPY --from=installer --chown=101:101 /staging/home/app /home/app
+
 USER app

src/runtime-deps/7.0/cbl-mariner2.0/amd64/Dockerfile

@@ -1,5 +1,11 @@
 FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN tdnf install -y \
         ca-certificates \
         \
@@ -12,9 +18,3 @@ RUN tdnf install -y \
         openssl-libs \
         zlib \
     && tdnf clean all
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/7.0/cbl-mariner2.0/arm64v8/Dockerfile

@@ -1,5 +1,11 @@
 FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
 
+ENV \
+    # Configure web servers to bind to port 80 when present
+    ASPNETCORE_URLS=http://+:80 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN tdnf install -y \
         ca-certificates \
         \
@@ -12,9 +18,3 @@ RUN tdnf install -y \
         openssl-libs \
         zlib \
     && tdnf clean all
-
-ENV \
-    # Configure web servers to bind to port 80 when present
-    ASPNETCORE_URLS=http://+:80 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/8.0/alpine3.17/amd64/Dockerfile

@@ -1,5 +1,15 @@
 FROM amd64/alpine:3.17
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true \
+    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
+    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
+
 RUN apk add --no-cache \
         ca-certificates \
         \
@@ -10,24 +20,13 @@ RUN apk add --no-cache \
         libssl3 \
         libstdc++ \
         zlib
-
 # Create a non-root user and group
 RUN addgroup \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && adduser \
-        --uid 64198 \
+        --uid=$APP_UID \
         --ingroup=app \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true \
-    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
-    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true

src/runtime-deps/8.0/alpine3.17/arm32v7/Dockerfile

@@ -1,5 +1,15 @@
 FROM arm32v7/alpine:3.17
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true \
+    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
+    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
+
 RUN apk add --no-cache \
         ca-certificates \
         \
@@ -10,24 +20,13 @@ RUN apk add --no-cache \
         libssl3 \
         libstdc++ \
         zlib
-
 # Create a non-root user and group
 RUN addgroup \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && adduser \
-        --uid 64198 \
+        --uid=$APP_UID \
         --ingroup=app \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true \
-    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
-    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true

src/runtime-deps/8.0/alpine3.17/arm64v8/Dockerfile

@@ -1,5 +1,15 @@
 FROM arm64v8/alpine:3.17
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true \
+    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
+    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
+
 RUN apk add --no-cache \
         ca-certificates \
         \
@@ -10,24 +20,13 @@ RUN apk add --no-cache \
         libssl3 \
         libstdc++ \
         zlib
-
 # Create a non-root user and group
 RUN addgroup \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && adduser \
-        --uid 64198 \
+        --uid=$APP_UID \
         --ingroup=app \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true \
-    # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
-    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true

src/runtime-deps/8.0/bookworm-slim/amd64/Dockerfile

@@ -1,5 +1,13 @@
 FROM amd64/debian:bookworm-slim
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,23 +21,14 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
 # Create a non-root user and group
 RUN groupadd \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=$APP_UID \
+        --gid=$APP_UID \
         --create-home \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/8.0/bookworm-slim/arm32v7/Dockerfile

@@ -1,5 +1,13 @@
 FROM arm32v7/debian:bookworm-slim
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,23 +21,14 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
 # Create a non-root user and group
 RUN groupadd \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=$APP_UID \
+        --gid=$APP_UID \
         --create-home \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/8.0/bookworm-slim/arm64v8/Dockerfile

@@ -1,5 +1,13 @@
 FROM arm64v8/debian:bookworm-slim
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,23 +21,14 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
 # Create a non-root user and group
 RUN groupadd \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=$APP_UID \
+        --gid=$APP_UID \
         --create-home \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/8.0/cbl-mariner2.0-distroless/amd64/Dockerfile

@@ -35,8 +35,8 @@ RUN groupadd \
         --gid=64198 \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=64198 \
+        --gid=64198 \
         --shell /bin/false \
         --create-home \
         --system \
@@ -59,11 +59,6 @@ RUN rm -rf /staging/etc/tdnf \
 # .NET runtime-deps image
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
 
-COPY --from=installer /staging/ /
-
-# Workaround for https://github.com/moby/moby/issues/38710
-COPY --from=installer --chown=64198:64198 /staging/home/app /home/app
-
 ENV \
     # UID of the non-root user 'app'
     APP_UID=64198 \
@@ -74,4 +69,9 @@ ENV \
     # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
     DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
 
+COPY --from=installer /staging/ /
+
+# Workaround for https://github.com/moby/moby/issues/38710
+COPY --from=installer --chown=64198:64198 /staging/home/app /home/app
+
 USER app

src/runtime-deps/8.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile

@@ -35,8 +35,8 @@ RUN groupadd \
         --gid=64198 \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=64198 \
+        --gid=64198 \
         --shell /bin/false \
         --create-home \
         --system \
@@ -59,11 +59,6 @@ RUN rm -rf /staging/etc/tdnf \
 # .NET runtime-deps image
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
 
-COPY --from=installer /staging/ /
-
-# Workaround for https://github.com/moby/moby/issues/38710
-COPY --from=installer --chown=64198:64198 /staging/home/app /home/app
-
 ENV \
     # UID of the non-root user 'app'
     APP_UID=64198 \
@@ -74,4 +69,9 @@ ENV \
     # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20)
     DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
 
+COPY --from=installer /staging/ /
+
+# Workaround for https://github.com/moby/moby/issues/38710
+COPY --from=installer --chown=64198:64198 /staging/home/app /home/app
+
 USER app

src/runtime-deps/8.0/cbl-mariner2.0/amd64/Dockerfile

@@ -1,5 +1,13 @@
 FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN tdnf install -y \
         ca-certificates \
         \
@@ -12,28 +20,19 @@ RUN tdnf install -y \
         openssl-libs \
         zlib \
     && tdnf clean all
-
 # Create a non-root user and group
 RUN tdnf install -y \
         shadow-utils \
     && groupadd \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=$APP_UID \
+        --gid=$APP_UID \
         --create-home \
         --system \
         app \
     && tdnf remove -y \
         shadow-utils \
     && tdnf clean all
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/8.0/cbl-mariner2.0/arm64v8/Dockerfile

@@ -1,5 +1,13 @@
 FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN tdnf install -y \
         ca-certificates \
         \
@@ -12,28 +20,19 @@ RUN tdnf install -y \
         openssl-libs \
         zlib \
     && tdnf clean all
-
 # Create a non-root user and group
 RUN tdnf install -y \
         shadow-utils \
     && groupadd \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=$APP_UID \
+        --gid=$APP_UID \
         --create-home \
         --system \
         app \
     && tdnf remove -y \
         shadow-utils \
     && tdnf clean all
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile

@@ -1,4 +1,5 @@
 FROM amd64/golang:1.18 as chisel
+
 RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel
 WORKDIR /opt/chisel
 RUN go generate internal/deb/version.go \
@@ -15,8 +16,8 @@ RUN groupadd \
         --gid=64198 \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=64198 \
+        --gid=64198 \
         --shell /bin/false \
         --system \
         app \

src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile

@@ -1,4 +1,5 @@
 FROM arm32v7/golang:1.18 as chisel
+
 RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel
 WORKDIR /opt/chisel
 RUN go generate internal/deb/version.go \
@@ -15,8 +16,8 @@ RUN groupadd \
         --gid=64198 \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=64198 \
+        --gid=64198 \
         --shell /bin/false \
         --system \
         app \

src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile

@@ -1,4 +1,5 @@
 FROM arm64v8/golang:1.18 as chisel
+
 RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel
 WORKDIR /opt/chisel
 RUN go generate internal/deb/version.go \
@@ -15,8 +16,8 @@ RUN groupadd \
         --gid=64198 \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=64198 \
+        --gid=64198 \
         --shell /bin/false \
         --system \
         app \

src/runtime-deps/8.0/jammy/amd64/Dockerfile

@@ -1,5 +1,13 @@
 FROM ubuntu.azurecr.io/ubuntu:jammy
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,23 +21,14 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
 # Create a non-root user and group
 RUN groupadd \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=$APP_UID \
+        --gid=$APP_UID \
         --create-home \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/8.0/jammy/arm32v7/Dockerfile

@@ -1,5 +1,13 @@
 FROM ubuntu.azurecr.io/ubuntu:jammy
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,23 +21,14 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
 # Create a non-root user and group
 RUN groupadd \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=$APP_UID \
+        --gid=$APP_UID \
         --create-home \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true

src/runtime-deps/8.0/jammy/arm64v8/Dockerfile

@@ -1,5 +1,13 @@
 FROM ubuntu.azurecr.io/ubuntu:jammy
 
+ENV \
+    # UID of the non-root user 'app'
+    APP_UID=64198 \
+    # Configure web servers to bind to port 8080 when present
+    ASPNETCORE_HTTP_PORTS=8080 \
+    # Enable detection of running in a container
+    DOTNET_RUNNING_IN_CONTAINER=true
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -13,23 +21,14 @@ RUN apt-get update \
         libstdc++6 \
         zlib1g \
     && rm -rf /var/lib/apt/lists/*
-
 # Create a non-root user and group
 RUN groupadd \
         --system \
-        --gid=64198 \
+        --gid=$APP_UID \
         app \
     && useradd -l \
-        --uid 64198 \
-        --gid 64198 \
+        --uid=$APP_UID \
+        --gid=$APP_UID \
         --create-home \
         --system \
         app
-
-ENV \
-    # UID of the non-root user 'app'
-    APP_UID=64198 \
-    # Configure web servers to bind to port 8080 when present
-    ASPNETCORE_HTTP_PORTS=8080 \
-    # Enable detection of running in a container
-    DOTNET_RUNNING_IN_CONTAINER=true