tyler.durden
/
dashy
mirror of https://github.com/Lissy93/dashy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

️ Merge pull request #501 from Lissy93/revert-495-master 

[REVERRT] Add group and user in dockerfile to run container as unprivileged
Fixes: #499
This commit is contained in:
Alicia Sykes 2022-02-20 12:02:25 +00:00 committed by GitHub
parent 57bbee70c5 4701eedc3b
commit f2c5de73bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Dockerfile
View File

@ -30,32 +30,16 @@ FROM node:16.13.2-alpine
# Define some ENV Vars # Define some ENV Vars
ENV PORT=80 \ ENV PORT=80 \
DIRECTORY=/app \ DIRECTORY=/app \
IS_DOCKER=true \ IS_DOCKER=true
USER=docker \
UID=12345 \
GID=23456
# Install tini for initialization and tzdata for setting timezone
RUN apk add --no-cache tzdata tini \
# Add group
&& addgroup --gid ${GID} "${USER}" \
# Add user
&& adduser \
--disabled-password \
--ingroup "${USER}" \
--gecos "" \
--home "${DIRECTORY}" \
--no-create-home \
--uid "$UID" \
"$USER"
USER ${USER}
# Create and set the working directory # Create and set the working directory
WORKDIR ${DIRECTORY} WORKDIR ${DIRECTORY}
# Install tini for initialization and tzdata for setting timezone
RUN apk add --no-cache tzdata tini
# Copy built application from build phase # Copy built application from build phase
COPY --from=BUILD_IMAGE --chown=${USER}:${USER} /app ./ COPY --from=BUILD_IMAGE /app ./
# Finally, run start command to serve up the built application # Finally, run start command to serve up the built application
ENTRYPOINT [ "/sbin/tini", "--" ] ENTRYPOINT [ "/sbin/tini", "--" ]