True rootless image
parent
fce175cad6
commit
73f7fbabd3
|
@ -3,8 +3,6 @@
|
||||||
FROM node:16-buster-slim
|
FROM node:16-buster-slim
|
||||||
ARG TARGETPLATFORM
|
ARG TARGETPLATFORM
|
||||||
|
|
||||||
WORKDIR /app
|
|
||||||
|
|
||||||
# Install Curl
|
# Install Curl
|
||||||
# Install Apprise, add sqlite3 cli for debugging in the future, iputils-ping for ping, util-linux for setpriv
|
# Install Apprise, add sqlite3 cli for debugging in the future, iputils-ping for ping, util-linux for setpriv
|
||||||
# Stupid python3 and python3-pip actually install a lot of useless things into Debian, specify --no-install-recommends to skip them, make the base even smaller than alpine!
|
# Stupid python3 and python3-pip actually install a lot of useless things into Debian, specify --no-install-recommends to skip them, make the base even smaller than alpine!
|
||||||
|
|
|
@ -1,27 +1,27 @@
|
||||||
FROM louislam/uptime-kuma:base-debian AS build
|
FROM louislam/uptime-kuma:base-debian AS build
|
||||||
|
USER node
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1
|
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1
|
||||||
|
COPY --chown=node:node . .
|
||||||
COPY . .
|
RUN npm ci --production
|
||||||
RUN npm ci --production && \
|
|
||||||
chmod +x /app/extra/entrypoint.sh
|
|
||||||
|
|
||||||
|
|
||||||
FROM louislam/uptime-kuma:base-debian AS release
|
FROM louislam/uptime-kuma:base-debian AS release
|
||||||
|
USER node
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Copy app files from build layer
|
# Copy app files from build layer
|
||||||
COPY --from=build /app /app
|
COPY --chown=node:node --from=build /app /app
|
||||||
|
|
||||||
EXPOSE 3001
|
EXPOSE 3001
|
||||||
VOLUME ["/app/data"]
|
VOLUME ["/app/data"]
|
||||||
HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD node extra/healthcheck.js
|
HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD node extra/healthcheck.js
|
||||||
ENTRYPOINT ["/usr/bin/dumb-init", "--", "extra/entrypoint.sh"]
|
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||||
CMD ["node", "server/server.js"]
|
CMD ["node", "server/server.js"]
|
||||||
|
|
||||||
|
|
||||||
FROM release AS nightly
|
FROM release AS nightly
|
||||||
|
USER node
|
||||||
RUN npm run mark-as-nightly
|
RUN npm run mark-as-nightly
|
||||||
|
|
||||||
# Build an image for testing pr
|
# Build an image for testing pr
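Review bot: With `USER node` now in effect and the startup `chown` of `/app/data` removed along with the entrypoint script, nothing visible in this file makes `/app/data` writable by `node` before `VOLUME ["/app/data"]` in the release stage. If the directory is not shipped by `COPY --chown=node:node . .` (no `.dockerignore` is visible here), it will presumably be created root-owned when the volume is mounted, and volumes written under the old default of `PUID=0` stay root-owned, so the server could fail to write its data after an upgrade. Consider creating it explicitly ahead of `USER node` in the release stage, e.g. `RUN mkdir -p /app/data && chown node:node /app/data`, and documenting the ownership that bind mounts and existing volumes now need, since `PUID`/`PGID` are no longer honoured. Separately, `WORKDIR /app` now follows `USER node` while the base image no longer creates `/app`; whether that directory ends up owned by `node` depends on the builder, so it is worth confirming that `npm ci` can write `node_modules` there. The file continues past this hunk, so later stages are not covered by this note.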
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
#!/usr/bin/env sh
|
|
||||||
|
|
||||||
# set -e Exit the script if an error happens
|
|
||||||
set -e
|
|
||||||
PUID=${PUID=0}
|
|
||||||
PGID=${PGID=0}
|
|
||||||
|
|
||||||
files_ownership () {
|
|
||||||
# -h Changes the ownership of an encountered symbolic link and not that of the file or directory pointed to by the symbolic link.
|
|
||||||
# -R Recursively descends the specified directories
|
|
||||||
# -c Like verbose but report only when a change is made
|
|
||||||
chown -hRc "$PUID":"$PGID" /app/data
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "==> Performing startup jobs and maintenance tasks"
|
|
||||||
files_ownership
|
|
||||||
|
|
||||||
echo "==> Starting application with user $PUID group $PGID"
|
|
||||||
|
|
||||||
# --clear-groups Clear supplementary groups.
|
|
||||||
exec setpriv --reuid "$PUID" --regid "$PGID" --clear-groups "$@"
|
|