From 987208dd0375a967e89fe598426c6547a35f9b7b Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Mon, 26 Feb 2024 11:54:51 +0100 Subject: [PATCH] feat(docker): do not run container as root Using a non root user to execute the application. We don't need to be root --- misc/docker/Dockerfile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/misc/docker/Dockerfile b/misc/docker/Dockerfile index dbd2e4a..62b5840 100644 --- a/misc/docker/Dockerfile +++ b/misc/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.17 AS build +FROM reg.cadoles.com/dh/library/golang:1.17 AS build ARG HTTP_PROXY= ARG HTTPS_PROXY= @@ -23,12 +23,15 @@ RUN npm install \ && echo "---" > ./misc/release/config-patch.yml \ && make ARCH_TARGETS=amd64 release + FROM busybox -COPY --from=build /src/release/fake-sms-linux-amd64 /app +RUN adduser -D -h /app sms +COPY --from=build /src/release/fake-sms-linux-amd64 /app +RUN chown -R sms:sms /app + +USER sms WORKDIR /app -RUN mkdir -p /app - CMD ["bin/fake-sms", "--config", "config.yml"] \ No newline at end of file