feat(docker): Create non-root clp-user; Move USER and ENV directives after flattening (fixes #1379); Reduce layers using multi-line ENV (fixes #1378).

tools/docker-images/clp-package/Dockerfile

@@ -12,15 +12,18 @@ RUN ./setup-scripts/install-prebuilt-packages.sh \
 RUN apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
+# Flatten the image
+FROM scratch
+COPY --link --from=base / /
+
 ENV CLP_HOME="/opt/clp"
 ENV PATH="${CLP_HOME}/bin:${PATH}"
-ENV PATH="${CLP_HOME}/sbin:${PATH}"
-ENV PYTHONPATH="${CLP_HOME}/lib/python3/site-packages"
+ENV PATH="${CLP_HOME}/sbin:${PATH}" \
+    PYTHONPATH="${CLP_HOME}/lib/python3/site-packages" \
+    USER="clp-user"
 
-USER 1000:1000
+COPY --link ./build/clp-package ${CLP_HOME}
 
-COPY --link ./build/clp-package /opt/clp
-
-# Flatten the image
-FROM scratch
-COPY --link --from=base / /
+RUN useradd --uid 1000 --shell /bin/bash --home-dir ${CLP_HOME} ${USER}
+USER ${USER}
+WORKDIR ${CLP_HOME}