Use regular user for executing service
This is primarily useful for preventing files generated within shared volumes from being owned by root.
parent
baf534ea9a
commit
2c84221816
19
Dockerfile
19
Dockerfile
|
@ -1,11 +1,22 @@
|
||||||
FROM golang:1.22-alpine
|
FROM golang:1.22-alpine
|
||||||
|
|
||||||
RUN mkdir /app
|
ENV USER=cert400
|
||||||
|
ENV GROUPNAME=$USER
|
||||||
|
ENV UID=1000
|
||||||
|
ENV GID=1000
|
||||||
|
ENV APP_HOME="/home/cert400/app"
|
||||||
|
|
||||||
ADD . /app
|
RUN addgroup --gid "$GID" "$GROUPNAME"
|
||||||
|
RUN adduser --gecos "" --disabled-password --ingroup "$GROUPNAME" --uid "$UID" "$USER"
|
||||||
|
|
||||||
WORKDIR /app
|
USER cert400
|
||||||
|
|
||||||
|
RUN mkdir "$APP_HOME"
|
||||||
|
|
||||||
|
ADD . "$APP_HOME"
|
||||||
|
|
||||||
|
WORKDIR "$APP_HOME"
|
||||||
|
|
||||||
RUN go build -o main .
|
RUN go build -o main .
|
||||||
|
|
||||||
CMD ["/app/main", "server"]
|
CMD ["./main", "server"]
|
||||||
|
|
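Review bot: `ADD . "$APP_HOME"` comes after `USER cert400`, but ADD and COPY do not honour USER and write files as root:root unless given an ownership flag. The source tree in the image therefore stays root-owned, even though the build and the service now run as cert400. Use `COPY --chown=cert400:cert400 . "$APP_HOME"`; COPY is also the better fit for a plain local copy. Because the context is `.`, the whole repository is baked into the image, apparently including the `./sample-config/` directory that the compose file mounts at runtime, so a `.dockerignore` excluding it and `.git` is worth adding if none exists. `GROUPNAME`, `UID` and `GID` are only needed while building, so declaring them with `ARG` instead of `ENV` would keep them out of the runtime environment.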
|
@ -5,7 +5,7 @@ networks:
|
||||||
driver: bridge
|
driver: bridge
|
||||||
|
|
||||||
services:
|
services:
|
||||||
cert400:
|
default:
|
||||||
container_name: "cert400"
|
container_name: "cert400"
|
||||||
build:
|
build:
|
||||||
context: .
|
context: .
|
||||||
|
@ -15,4 +15,4 @@ services:
|
||||||
networks:
|
networks:
|
||||||
- cert400
|
- cert400
|
||||||
volumes:
|
volumes:
|
||||||
- ./sample-config/:/root/.config/cert400/
|
- ./sample-config/:/home/cert400/.config/cert400/
|
||||||
|
|
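Review bot: The new mount target `/home/cert400/.config/cert400/` works only if the host's `./sample-config/` is accessible to UID 1000, the value fixed in the Dockerfile. On a host where the developer's account has a different UID, the container user may hit permission errors or leave files owned by an unrelated account. A comment above the volume entry such as `# host directory must be owned by UID/GID 1000 (see Dockerfile)` would make that requirement visible. If the service only reads its configuration from this path (not visible in this hunk), mount it read-only with `- ./sample-config/:/home/cert400/.config/cert400/:ro`.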