diff --git a/docker/debian-base.dockerfile b/docker/debian-base.dockerfile index e4430100..543f52bc 100644 --- a/docker/debian-base.dockerfile +++ b/docker/debian-base.dockerfile @@ -3,8 +3,6 @@ FROM node:18-buster-slim ARG TARGETPLATFORM -WORKDIR /app - # Install Curl # Install Apprise, add sqlite3 cli for debugging in the future, iputils-ping for ping, util-linux for setpriv # Stupid python3 and python3-pip actually install a lot of useless things into Debian, specify --no-install-recommends to skip them. diff --git a/docker/dockerfile b/docker/dockerfile index 537b16d1..a5f4ed8a 100644 --- a/docker/dockerfile +++ b/docker/dockerfile @@ -12,28 +12,28 @@ FROM louislam/uptime-kuma:base2 AS build WORKDIR /app ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 -COPY .npmrc .npmrc -COPY package.json package.json -COPY package-lock.json package-lock.json +COPY --chown=node:node .npmrc .npmrc +COPY --chown=node:node package.json package.json +COPY --chown=node:node package-lock.json package-lock.json RUN npm ci --omit=dev COPY . . -COPY --from=build_healthcheck /app/extra/healthcheck /app/extra/healthcheck -RUN chmod +x /app/extra/entrypoint.sh +COPY --chown=node:node --from=build_healthcheck /app/extra/healthcheck /app/extra/healthcheck ############################################ # ⭐ Main Image (Slim) ############################################ FROM louislam/uptime-kuma:base2 AS release-slim +USER node WORKDIR /app # Copy app files from build layer -COPY --from=build /app /app +COPY --chown=node:node --from=build /app /app EXPOSE 3001 VOLUME ["/app/data"] HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD extra/healthcheck -ENTRYPOINT ["/usr/bin/dumb-init", "--", "extra/entrypoint.sh"] +ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["node", "server/server.js"] ############################################ @@ -52,6 +52,7 @@ RUN apt update && \ # Mark as Nightly ############################################ FROM release AS nightly +USER node RUN npm run mark-as-nightly ############################################ diff --git a/extra/entrypoint.sh b/extra/entrypoint.sh deleted file mode 100644 index 23c4f017..00000000 --- a/extra/entrypoint.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env sh - -# set -e Exit the script if an error happens -set -e -PUID=${PUID=0} -PGID=${PGID=0} - -files_ownership () { - # -h Changes the ownership of an encountered symbolic link and not that of the file or directory pointed to by the symbolic link. - # -R Recursively descends the specified directories - # -c Like verbose but report only when a change is made - chown -hRc "$PUID":"$PGID" /app/data -} - -echo "==> Performing startup jobs and maintenance tasks" -files_ownership - -echo "==> Starting application with user $PUID group $PGID" - -# --clear-groups Clear supplementary groups. -exec setpriv --reuid "$PUID" --regid "$PGID" --clear-groups "$@"