1
0
mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00

docker: add non-root user

This commit is contained in:
Steven Tang 2023-01-25 21:56:54 +11:00
parent 391a53972b
commit b04a84ee5a
No known key found for this signature in database
GPG Key ID: 1597520C734BAE66

View File

@ -16,7 +16,8 @@ RUN mkdir ./data ./app && \
cp /src/config.default.yml app/config.yml && \ cp /src/config.default.yml app/config.yml && \
sed -i 's/listen_ipv6: ::1/listen_ipv6: /g' app/config.yml && \ sed -i 's/listen_ipv6: ::1/listen_ipv6: /g' app/config.yml && \
cp /src/wait-for-it.sh app/ && \ cp /src/wait-for-it.sh app/ && \
cp /src/entrypoint.sh app/ cp /src/entrypoint.sh app/ && \
chown 1000:1000 ./data
# Run Stage # Run Stage
@ -27,7 +28,9 @@ RUN mkdir ./data ./app && \
FROM alpine:3 FROM alpine:3
WORKDIR /app WORKDIR /app
RUN apk add --no-cache bash ca-certificates tzdata RUN addgroup -g 1000 app && \
adduser -u 1000 -G app -s /bin/sh -D app && \
apk add --no-cache bash ca-certificates tzdata
# See README.md and config.default.yml for all config options # See README.md and config.default.yml for all config options
ENV ENVIRONMENT=prod \ ENV ENVIRONMENT=prod \
@ -42,6 +45,7 @@ ENV ENVIRONMENT=prod \
WAKAPI_ALLOW_SIGNUP='true' WAKAPI_ALLOW_SIGNUP='true'
COPY --from=build-env /staging / COPY --from=build-env /staging /
USER app
EXPOSE 3000 EXPOSE 3000