.NET 8 preview 6 containers do not run as app user

[wazzamatazz]

I have an ASP.NET Core application targeting .NET 8 with a container image built using the DefaultContainer profile.

Since updating to preview 6 of the SDK I've noticed that the application no longer runs as the app user. I initially thought that it was an issue with the base image but I've found that I can only replicate it when building the container image using the SDK publish profile.

I think it's related to this change to the app user UID in the base image as there is still an open issue here about the UID being hard-coded in places instead of using the APP_UID variable.

The workaround is to explicity run the container as UID 1654.

[mthalman]

The issue is here: https://github.com/dotnet/sdk/blob/9e5c47e2bd7fe2d58ff6a7a666086b5ea7e8fd67/src/Containers/packaging/build/Microsoft.NET.Build.Containers.targets#L115-L116

This needs to change to 1654 because of the change in https://github.com/dotnet/dotnet-docker/pull/4715.

[baronfel]

More broadly we need to do processing of environment variables during image construction and programmatically set the user if we see the new environment variables, instead of hard coding it as we do now This is similar to what we need to do for ASPNETCORE_URLS and Container ports, which I wrote up yesterday.