Use regular user for executing service

Praise modular copy-pasteable designs
2024-06-11 10:00:28 +02:00 · 2024-06-11 10:00:28 +02:00 · fe6d3a7f7c
parent 3194998503
commit fe6d3a7f7c
2 changed files with 17 additions and 7 deletions
--- a/19
+++ b/19
@ -1,11 +1,22 @@
 FROM golang:1.22-alpine

-RUN mkdir /app
+ENV USER=tiamat
+ENV GROUPNAME=$USER
+ENV UID=1000
+ENV GID=1000
+ENV APP_HOME="/home/tiamat/app"

-ADD . /app
+RUN addgroup --gid "$GID" "$GROUPNAME"
+RUN adduser --gecos "" --disabled-password --ingroup "$GROUPNAME" --uid "$UID" "$USER"

-WORKDIR /app
+USER "$USER"
+
+RUN mkdir "$APP_HOME"
+
+ADD . "$APP_HOME"
+
+WORKDIR "$APP_HOME"

 RUN go build -o main .

-CMD ["/app/main", "server"]
+CMD ["./main", "server"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,9 +5,8 @@ networks:
    driver: bridge

 services:
-  tiamat:
+  default:
    container_name: "tiamat"
-    #image: "tiamat"
    build:
      context: .
      dockerfile: "Dockerfile"
@ -17,4 +16,4 @@ services:
    networks:
      - tiamat
    volumes:
-      - ./sample-config/:/root/.config/tiamat/
+      - ./sample-config/:/home/tiamat/.config/tiamat/