Merge branch 'true-rootless' into mariadb

# Conflicts:
#	docker/dockerfile
This commit is contained in:
Louis Lam 2023-02-04 18:40:39 +08:00
commit 33d9c1bbb1
3 changed files with 8 additions and 30 deletions

View File

@ -3,8 +3,6 @@
FROM node:18-buster-slim FROM node:18-buster-slim
ARG TARGETPLATFORM ARG TARGETPLATFORM
WORKDIR /app
# Install Curl # Install Curl
# Install Apprise, add sqlite3 cli for debugging in the future, iputils-ping for ping, util-linux for setpriv # Install Apprise, add sqlite3 cli for debugging in the future, iputils-ping for ping, util-linux for setpriv
# Stupid python3 and python3-pip actually install a lot of useless things into Debian, specify --no-install-recommends to skip them. # Stupid python3 and python3-pip actually install a lot of useless things into Debian, specify --no-install-recommends to skip them.

View File

@ -12,28 +12,28 @@ FROM louislam/uptime-kuma:base2 AS build
WORKDIR /app WORKDIR /app
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1
COPY .npmrc .npmrc COPY --chown=node:node .npmrc .npmrc
COPY package.json package.json COPY --chown=node:node package.json package.json
COPY package-lock.json package-lock.json COPY --chown=node:node package-lock.json package-lock.json
RUN npm ci --omit=dev RUN npm ci --omit=dev
COPY . . COPY . .
COPY --from=build_healthcheck /app/extra/healthcheck /app/extra/healthcheck COPY --chown=node:node --from=build_healthcheck /app/extra/healthcheck /app/extra/healthcheck
RUN chmod +x /app/extra/entrypoint.sh
############################################ ############################################
# ⭐ Main Image (Slim) # ⭐ Main Image (Slim)
############################################ ############################################
FROM louislam/uptime-kuma:base2 AS release-slim FROM louislam/uptime-kuma:base2 AS release-slim
USER node
WORKDIR /app WORKDIR /app
# Copy app files from build layer # Copy app files from build layer
COPY --from=build /app /app COPY --chown=node:node --from=build /app /app
EXPOSE 3001 EXPOSE 3001
VOLUME ["/app/data"] VOLUME ["/app/data"]
HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD extra/healthcheck HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD extra/healthcheck
ENTRYPOINT ["/usr/bin/dumb-init", "--", "extra/entrypoint.sh"] ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["node", "server/server.js"] CMD ["node", "server/server.js"]
############################################ ############################################
@ -52,6 +52,7 @@ RUN apt update && \
# Mark as Nightly # Mark as Nightly
############################################ ############################################
FROM release AS nightly FROM release AS nightly
USER node
RUN npm run mark-as-nightly RUN npm run mark-as-nightly
############################################ ############################################

View File

@ -1,21 +0,0 @@
#!/usr/bin/env sh
# set -e Exit the script if an error happens
set -e
PUID=${PUID=0}
PGID=${PGID=0}
files_ownership () {
# -h Changes the ownership of an encountered symbolic link and not that of the file or directory pointed to by the symbolic link.
# -R Recursively descends the specified directories
# -c Like verbose but report only when a change is made
chown -hRc "$PUID":"$PGID" /app/data
}
echo "==> Performing startup jobs and maintenance tasks"
files_ownership
echo "==> Starting application with user $PUID group $PGID"
# --clear-groups Clear supplementary groups.
exec setpriv --reuid "$PUID" --regid "$PGID" --clear-groups "$@"