Use regular user for executing service
This is primarily useful in preventing files generated within shared volumes from being owned by root
parent
baf534ea9a
commit
2c84221816
19
Dockerfile
19
Dockerfile
|
@ -1,11 +1,22 @@
|
|||
FROM golang:1.22-alpine
|
||||
|
||||
RUN mkdir /app
|
||||
ENV USER=cert400
|
||||
ENV GROUPNAME=$USER
|
||||
ENV UID=1000
|
||||
ENV GID=1000
|
||||
ENV APP_HOME="/home/cert400/app"
|
||||
|
||||
ADD . /app
|
||||
RUN addgroup --gid "$GID" "$GROUPNAME"
|
||||
RUN adduser --gecos "" --disabled-password --ingroup "$GROUPNAME" --uid "$UID" "$USER"
|
||||
|
||||
WORKDIR /app
|
||||
USER cert400
|
||||
|
||||
RUN mkdir "$APP_HOME"
|
||||
|
||||
ADD . "$APP_HOME"
|
||||
|
||||
WORKDIR "$APP_HOME"
|
||||
|
||||
RUN go build -o main .
|
||||
|
||||
CMD ["/app/main", "server"]
|
||||
CMD ["./main", "server"]
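Review bot: `ADD . "$APP_HOME"` comes after `USER cert400`, but ADD and COPY create files as UID/GID 0 unless `--chown` is given, so the copied source tree is still root-owned and only the directory made by `RUN mkdir "$APP_HOME"` belongs to cert400. Assuming these are the added lines (the +/- markers are not shown on this page), I would write `COPY --chown=cert400:cert400 . "$APP_HOME"`, which also drops ADD's archive-extraction behaviour that a plain context copy does not need. The copy takes the whole build context, so a `.dockerignore` that excludes `.git` and `sample-config/` would keep local configuration out of the image. Separately, the `ENV USER`/`UID`/`GID` values persist into the running container's environment; declaring them with `ARG` would keep them build-time only.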
|
||||
|
|
|
@ -5,7 +5,7 @@ networks:
|
|||
driver: bridge
|
||||
|
||||
services:
|
||||
cert400:
|
||||
default:
|
||||
container_name: "cert400"
|
||||
build:
|
||||
context: .
|
||||
|
@ -15,4 +15,4 @@ services:
|
|||
networks:
|
||||
- cert400
|
||||
volumes:
|
||||
- ./sample-config/:/root/.config/cert400/
|
||||
- ./sample-config/:/home/cert400/.config/cert400/
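Review bot: The mount target `/home/cert400/.config/cert400/` sits under a parent directory that the Dockerfile in this commit never creates, so the container runtime will most likely create `/home/cert400/.config` itself when it sets up the bind mount, typically owned by root rather than cert400. The service now runs as UID 1000, so anything it writes into `./sample-config/` is owned by whichever host account has that UID; this meets the stated goal only when the host user is also 1000. Consider passing the IDs through `build.args` next to `context: .`, and, if the service only reads this configuration, mounting it read-only with a `:ro` suffix.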
|
||||
|
|