From 41240f5a1f9db73bc74e65ee6dd423cb3ae0cd31 Mon Sep 17 00:00:00 2001
From: Dzianis Andreyenka
Date: Tue, 23 Apr 2024 16:52:08 +0200
Subject: [PATCH 1/2] Create a non-root user for a docker container
Signed-off-by: Dzianis Andreyenka
---
 Dockerfile | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7a1d2ce..a5b6155 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,8 +2,12 @@ FROM golang:1.21-alpine3.19 AS builder
 RUN apk add make
 ARG BUILD_VERSION
 ENV BUILD_VERSION=${BUILD_VERSION}
-ADD . /tezosconnect
+ADD --chown=1001:0 . /tezosconnect
 WORKDIR /tezosconnect
+RUN mkdir /.cache \
+ && chgrp -R 0 /.cache \
+ && chmod -R g+rwX /.cache
+USER 1001
 RUN make
 # Copy the migrations from FFTM down into our local migrations directory
@@ -12,13 +16,16 @@ RUN DB_MIGRATIONS_DIR=$(go list -f '{{.Dir}}' github.com/hyperledger/firefly-tra
 FROM debian:buster-slim
 WORKDIR /tezosconnect
+RUN chgrp -R 0 /tezosconnect \
+ && chmod -R g+rwX /tezosconnect
 RUN apt update -y \
 && apt install -y curl jq \
 && rm -rf /var/lib/apt/lists/* \
 && curl -sL "https://github.com/golang-migrate/migrate/releases/download/$(curl -sL https://api.github.com/repos/golang-migrate/migrate/releases/latest | jq -r '.name')/migrate.linux-amd64.tar.gz" | tar xz \
 && chmod +x ./migrate \
 && mv ./migrate /usr/bin/migrate
-COPY --from=builder /tezosconnect/firefly-tezosconnect /usr/bin/tezosconnect
-COPY --from=builder /tezosconnect/db/ /tezosconnect/db/
+COPY --from=builder --chown=1001:0 /tezosconnect/firefly-tezosconnect /usr/bin/tezosconnect
+COPY --from=builder --chown=1001:0 /tezosconnect/db/ /tezosconnect/db/
+USER 1001
 ENTRYPOINT [ "/usr/bin/tezosconnect" ]
From d6b625ba99f71158ce0a3ad3e576233661ce2b6b Mon Sep 17 00:00:00 2001
From: Dzianis Andreyenka
Date: Wed, 24 Apr 2024 15:37:47 +0200
Subject: [PATCH 2/2] Add exec file to dockerignore
Signed-off-by: Dzianis Andreyenka
---
 .dockerignore | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
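Review bot: The added `RUN mkdir /.cache …` step in the builder stage carries no comment explaining why a directory at the filesystem root is needed, and nothing else in the hunk makes the reason visible. Presumably UID 1001 has no passwd entry and therefore no home directory, so the Go build cache ends up under `/`; if that is the reason, a line such as `# UID 1001 has no home directory, so the Go build cache lands in /.cache; make it writable for group 0` above the step would record it. The touched `ADD --chown=1001:0 . /tezosconnect` line is also a plain local copy, so `COPY --chown=1001:0 . /tezosconnect` would do the same job without ADD's archive-extraction and URL handling.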
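Review bot: In the final stage, `COPY --from=builder --chown=1001:0 … /usr/bin/tezosconnect` makes the runtime user the owner of the binary it executes, so a process running as UID 1001 can modify or replace its own executable. The service only needs to read and execute that file; `COPY --from=builder /tezosconnect/firefly-tezosconnect /usr/bin/tezosconnect` leaves it owned by root (COPY's default ownership) and still runnable under `USER 1001`, provided the build leaves it world-executable. The `--chown` on `/tezosconnect/db/` is worth keeping only if the service writes to that directory at runtime, which is not visible from this hunk.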
diff --git a/.dockerignore b/.dockerignore
index a275958..480dde6 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,6 @@
 # IDE configs
 .vscode
-.idea
\ No newline at end of file
+.idea
+
+# Compiled output
+firefly-tezosconnect
\ No newline at end of file