1
0
mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00

Merge pull request #465 from muety/docker-user

Non-root user for Docker
This commit is contained in:
Ferdinand Mütsch 2023-01-25 12:34:34 +01:00 committed by GitHub
commit dc6985bbb0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions

View File

@ -8,3 +8,6 @@ Dockerfile
docker-compose.yml docker-compose.yml
.dockerignore .dockerignore
.git* .git*
node_modules/
testing/*.zip
testing/wakapi

View File

@ -16,7 +16,8 @@ RUN mkdir ./data ./app && \
cp /src/config.default.yml app/config.yml && \ cp /src/config.default.yml app/config.yml && \
sed -i 's/listen_ipv6: ::1/listen_ipv6: /g' app/config.yml && \ sed -i 's/listen_ipv6: ::1/listen_ipv6: /g' app/config.yml && \
cp /src/wait-for-it.sh app/ && \ cp /src/wait-for-it.sh app/ && \
cp /src/entrypoint.sh app/ cp /src/entrypoint.sh app/ && \
chown 1000:1000 ./data
# Run Stage # Run Stage
@ -27,7 +28,9 @@ RUN mkdir ./data ./app && \
FROM alpine:3 FROM alpine:3
WORKDIR /app WORKDIR /app
RUN apk add --no-cache bash ca-certificates tzdata RUN addgroup -g 1000 app && \
adduser -u 1000 -G app -s /bin/sh -D app && \
apk add --no-cache bash ca-certificates tzdata
# See README.md and config.default.yml for all config options # See README.md and config.default.yml for all config options
ENV ENVIRONMENT=prod \ ENV ENVIRONMENT=prod \
@ -42,6 +45,7 @@ ENV ENVIRONMENT=prod \
WAKAPI_ALLOW_SIGNUP='true' WAKAPI_ALLOW_SIGNUP='true'
COPY --from=build-env /staging / COPY --from=build-env /staging /
USER app
EXPOSE 3000 EXPOSE 3000