Change docker user to non-root (#9560)
This commit is contained in:
parent
0296f841c3
commit
e1bd61c70e
30
Dockerfile
30
Dockerfile
|
@ -1,4 +1,6 @@
|
||||||
FROM node:18.13.0-bullseye AS builder
|
ARG NODE_VERSION=18.13.0-bullseye
|
||||||
|
|
||||||
|
FROM node:${NODE_VERSION} AS builder
|
||||||
|
|
||||||
ARG NODE_ENV=production
|
ARG NODE_ENV=production
|
||||||
|
|
||||||
|
@ -22,23 +24,29 @@ COPY . ./
|
||||||
RUN git submodule update --init
|
RUN git submodule update --init
|
||||||
RUN yarn build
|
RUN yarn build
|
||||||
|
|
||||||
FROM node:18.13.0-bullseye-slim AS runner
|
FROM node:${NODE_VERSION}-slim AS runner
|
||||||
|
|
||||||
WORKDIR /misskey
|
ARG UID="991"
|
||||||
|
ARG GID="991"
|
||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install -y --no-install-recommends \
|
&& apt-get install -y --no-install-recommends \
|
||||||
ffmpeg tini \
|
ffmpeg tini \
|
||||||
&& apt-get -y clean \
|
&& apt-get -y clean \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
|
&& groupadd -g "${GID}" misskey \
|
||||||
|
&& useradd -l -u "${UID}" -g "${GID}" -m -d /misskey misskey
|
||||||
|
|
||||||
COPY --from=builder /misskey/.yarn/install-state.gz ./.yarn/install-state.gz
|
USER misskey
|
||||||
COPY --from=builder /misskey/node_modules ./node_modules
|
WORKDIR /misskey
|
||||||
COPY --from=builder /misskey/built ./built
|
|
||||||
COPY --from=builder /misskey/packages/backend/node_modules ./packages/backend/node_modules
|
COPY --chown=misskey:misskey --from=builder /misskey/.yarn/install-state.gz ./.yarn/install-state.gz
|
||||||
COPY --from=builder /misskey/packages/backend/built ./packages/backend/built
|
COPY --chown=misskey:misskey --from=builder /misskey/node_modules ./node_modules
|
||||||
COPY --from=builder /misskey/packages/frontend/node_modules ./packages/frontend/node_modules
|
COPY --chown=misskey:misskey --from=builder /misskey/built ./built
|
||||||
COPY . ./
|
COPY --chown=misskey:misskey --from=builder /misskey/packages/backend/node_modules ./packages/backend/node_modules
|
||||||
|
COPY --chown=misskey:misskey --from=builder /misskey/packages/backend/built ./packages/backend/built
|
||||||
|
COPY --chown=misskey:misskey --from=builder /misskey/packages/frontend/node_modules ./packages/frontend/node_modules
|
||||||
|
COPY --chown=misskey:misskey . ./
|
||||||
|
|
||||||
ENV NODE_ENV=production
|
ENV NODE_ENV=production
|
||||||
ENTRYPOINT ["/usr/bin/tini", "--"]
|
ENTRYPOINT ["/usr/bin/tini", "--"]
|
||||||
|
|
Loading…
Reference in New Issue