feat(docker): do not run container as root #6

Open
pcaseiro wants to merge 4 commits from feat/nonrootuser into develop
2 changed files with 14 additions and 14 deletions

View File

@ -21,11 +21,11 @@ docker-run:
fake-sms:latest fake-sms:latest
docker-release: docker-release:
docker tag fake-sms:latest cadoles/fake-sms:latest docker tag fake-sms:latest reg.cadoles.com/cadoles/fake-sms:latest
docker tag fake-sms:latest cadoles/fake-sms:$(DOCKER_DATE_TAG) docker tag fake-sms:latest reg.cadoles.com/cadoles/fake-sms:$(DOCKER_DATE_TAG)
docker login docker login reg.cadoles.com
docker push cadoles/fake-sms:latest docker push reg.cadoles.com/cadoles/fake-sms:latest
docker push cadoles/fake-sms:$(DOCKER_DATE_TAG) docker push reg.cadoles.com/cadoles/fake-sms:$(DOCKER_DATE_TAG)
test: test:
go test -v -race ./... go test -v -race ./...

View File

@ -1,14 +1,11 @@
FROM golang:1.17 AS build FROM reg.cadoles.com/dh/library/golang:1.22-alpine AS build
ARG HTTP_PROXY= ARG HTTP_PROXY=
ARG HTTPS_PROXY= ARG HTTPS_PROXY=
ARG http_proxy= ARG http_proxy=
ARG https_proxy= ARG https_proxy=
RUN apt-get update && apt-get install -y build-essential git bash curl python2 RUN apk update && apk add --no-cache build-base git bash curl python3 nodejs npm
RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - \
&& apt-get install -y nodejs
COPY . /src COPY . /src
@ -16,19 +13,22 @@ WORKDIR /src
RUN cp -f misc/docker/config-patch.yml misc/release/config-patch.yml RUN cp -f misc/docker/config-patch.yml misc/release/config-patch.yml
RUN go get github.com/krishicks/yaml-patch/cmd/yaml-patch RUN go install github.com/krishicks/yaml-patch/cmd/yaml-patch@v0.0.10
RUN npm install \ RUN npm install \
&& make vendor \ && make vendor \
&& echo "---" > ./misc/release/config-patch.yml \ && echo "---" > ./misc/release/config-patch.yml \
&& make ARCH_TARGETS=amd64 release && make ARCH_TARGETS=amd64 release
FROM busybox FROM busybox
COPY --from=build /src/release/fake-sms-linux-amd64 /app RUN adduser -D -h /app sms
COPY --from=build /src/release/fake-sms-linux-amd64 /app
RUN chown -R sms:sms /app
USER sms
WORKDIR /app WORKDIR /app
RUN mkdir -p /app
CMD ["bin/fake-sms", "--config", "config.yml"] CMD ["bin/fake-sms", "--config", "config.yml"]