georchestra / ci-jenkinsfiles


[all] Processes are forced to run as root in the container #1

Open pmauduit opened 7 years ago

pmauduit commented 7 years ago

This is due to the fact that the jenkins userid from the host is passed to Docker when creating the image. In the process, this has been bypassed by overriding the --user option: https://github.com/georchestra/ci-jenkinsfiles/blob/master/docker/Jenkinsfile#L7.

Using a non-privileged user in the image should avoid this, as well as some other options that need to be activated on nodejs: https://github.com/georchestra/georchestra/commit/1e8a729a2606ca7a57a55eadf217368782ae5d06

pmauduit commented 7 years ago

In addition, the --user option used by jenkins forces the isolation onto a gid which makes it very hard to mount / use the docker socket as a non-privileged user in the container. either:

I am a bit puzzled ...
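Added example (not code from georchestra/ci-jenkinsfiles or the commenter) showing one way around the gid problem described above: keep the jenkins uid but add the docker socket's owning group as a supplementary group with docker's --group-add flag, instead of letting the gid be replaced. The socket path, the uid/gid values and the image name are assumptions.

```shell
# Added example, not part of the georchestra repository. Builds the
# `docker run` flags so the agent keeps its unprivileged uid/gid and only
# gains the group that owns the docker socket, which is the minimum needed
# to use the socket without running as root.

# Print the numeric gid that owns a file; on a real host pass
# /var/run/docker.sock (assumed path). GNU stat syntax.
socket_gid() {
    stat -c '%g' "$1"
}

# Guard: returns 1 when the requested uid is root (0).
not_root() {
    [ "$1" -ne 0 ]
}

# Print "--user UID:GID --group-add SOCKET_GID" for the given uid, gid and
# socket path; refuses uid 0 so the container cannot silently run as root.
docker_user_flags() {
    uid="$1"; gid="$2"; sock="$3"
    not_root "$uid" || { echo "refusing to run the agent as root" >&2; return 1; }
    sgid=$(socket_gid "$sock") || return 1
    printf -- '--user %s:%s --group-add %s\n' "$uid" "$gid" "$sgid"
}

# Example invocation (uid/gid 1000 and image name are assumed):
# docker run $(docker_user_flags 1000 1000 /var/run/docker.sock) \
#     -v /var/run/docker.sock:/var/run/docker.sock my-agent-image
```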

pmauduit commented 7 years ago

Another option could be to use a network socket for the docker daemon.

pmauduit commented 7 years ago

Leaving it open for now, since I've not found a better option and I still consider it a problem.

pmauduit commented 7 years ago

This also leads to some problems with the testsuite:

Failed

org.georchestra.extractorapp.ws.extractor.ExtractorControllerTest.testValidateConfigUnothaurizedDirectory

Error Message

Unexpected: got: <false>, expected: is <true>

Stacktrace

java.lang.AssertionError: Unexpected: got: <false>, expected: is <true>
    at org.junit.Assert.fail(Assert.java:88)
    at org.georchestra.extractorapp.ws.extractor.ExtractorControllerTest.testValidateConfigUnothaurizedDirectory(ExtractorControllerTest.java:115)

See: https://github.com/georchestra/georchestra/blob/15.12/extractorapp/src/test/java/org/georchestra/extractorapp/ws/extractor/ExtractorControllerTest.java#L86