
refactor: Use non-root user in docker

Owen Diffey 6 ay önce
ebeveyn
işleme
d89dc1e5fc
2 değiştirilmiş dosya ile 49 ekleme ve 22 silme
  1. 24 10
      backend/Dockerfile
  2. 25 12
      frontend/Dockerfile

+ 24 - 10
backend/Dockerfile

@@ -1,24 +1,38 @@
-FROM node:18-alpine AS backend_node_modules
+FROM node:18-alpine AS backend_base
+
+ARG UID=1000
+ARG GID=1000
+
+RUN deluser --remove-home node \
+    && addgroup -S -g ${GID} musare \
+    && adduser -SD -u ${UID} musare \
+    && adduser musare musare
+
+RUN mkdir -p /opt/.git /opt/types /opt/app \
+    && chown -R musare:musare /opt/app
+
+WORKDIR /opt/app
+
+USER musare
+
+FROM backend_base AS backend_node_modules
 
 RUN mkdir -p /opt/app
 WORKDIR /opt/app
 
-COPY backend/package.json backend/package-lock.json /opt/app/
+COPY --chown=musare:musare --link backend/package.json backend/package-lock.json /opt/app/
 
 RUN npm install
 
-FROM node:18-alpine AS musare_backend
+FROM backend_base AS musare_backend
 
 ARG CONTAINER_MODE=production
 ENV CONTAINER_MODE=${CONTAINER_MODE}
 
-RUN mkdir -p /opt/.git /opt/types /opt/app
-WORKDIR /opt/app
-
-COPY .git /opt/.git
-COPY types /opt/types
-COPY backend /opt/app
-COPY --from=backend_node_modules /opt/app/node_modules node_modules
+COPY --chown=musare:musare --link .git /opt/.git
+COPY --chown=musare:musare --link types /opt/types
+COPY --chown=musare:musare --link backend /opt/app
+COPY --chown=musare:musare --link --from=backend_node_modules /opt/app/node_modules node_modules
 
 ENTRYPOINT sh -c '([[ "${CONTAINER_MODE}" == "development" ]] && npm install); npm run docker:dev'
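Review bot: `COPY --link` at L43 and L60-63 requires the BuildKit Dockerfile frontend 1.4 or newer, but the hunk starts at line 1 with `FROM` and carries no parser directive, so the classic builder or an older frontend rejects the flag; add `# syntax=docker/dockerfile:1` as the first line (the same applies to frontend/Dockerfile). The user creation at L26-28 appears to rely on busybox `adduser` falling back to the already-created `musare` group when it cannot create a same-named one; `adduser -SD -u ${UID} -G musare musare` states the primary group explicitly and makes the trailing `adduser musare musare` unnecessary. The `RUN mkdir -p /opt/app` and `WORKDIR /opt/app` kept at L39-40 now duplicate what `backend_base` already does and can be dropped. Only `/opt/app` is chowned at L31 while `/opt/.git` and `/opt/types` stay root-owned; that is fine for read-only use, but worth a comment such as `# /opt/.git and /opt/types are read-only for musare` so the asymmetry is deliberate.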
 

+ 25 - 12
frontend/Dockerfile

@@ -1,13 +1,27 @@
-FROM node:18-alpine AS frontend_node_modules
+FROM node:18-alpine AS frontend_base
+
+ARG UID=1000
+ARG GID=1000
+
+RUN deluser --remove-home node \
+    && addgroup -S -g ${GID} musare \
+    && adduser -SD -u ${UID} musare \
+    && adduser musare musare
+
+RUN mkdir -p /opt/.git /opt/types /opt/app /run/nginx \
+    && chown -R musare:musare /opt/app
 
-RUN mkdir -p /opt/app
 WORKDIR /opt/app
 
-COPY frontend/package.json frontend/package-lock.json /opt/app/
+USER musare
+
+FROM frontend_base AS frontend_node_modules
 
-RUN npm install --silent
+COPY --chown=musare:musare --link frontend/package.json frontend/package-lock.json /opt/app/
 
-FROM node:18-alpine AS musare_frontend
+RUN npm install
+
+FROM frontend_base AS musare_frontend
 
 ARG FRONTEND_MODE=production
 ARG FRONTEND_PROD_DEVTOOLS=false
@@ -31,15 +45,14 @@ ENV FRONTEND_MODE=${FRONTEND_MODE} \
     MUSARE_DEBUG_GIT_LATEST_COMMIT=${MUSARE_DEBUG_GIT_LATEST_COMMIT} \
     MUSARE_DEBUG_GIT_LATEST_COMMIT_SHORT=${MUSARE_DEBUG_GIT_LATEST_COMMIT_SHORT}
 
+USER root
 RUN apk add nginx
+USER musare
 
-RUN mkdir -p /opt/.git /opt/types /opt/app /run/nginx
-WORKDIR /opt/app
-
-COPY .git /opt/.git
-COPY types /opt/types
-COPY frontend /opt/app
-COPY --from=frontend_node_modules /opt/app/node_modules node_modules
+COPY --chown=musare:musare --link .git /opt/.git
+COPY --chown=musare:musare --link types /opt/types
+COPY --chown=musare:musare --link frontend /opt/app
+COPY --chown=musare:musare --from=frontend_node_modules --link /opt/app/node_modules node_modules
 
 RUN sh -c '([[ "${FRONTEND_MODE}" == "development" ]] && exit 0) || npm run prod'
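Review bot: nginx is installed as root at L109 but none of its runtime directories are handed to `musare`: `/run/nginx` is created root-owned in the base stage at L83 and left out of the `chown` on L84, and the package's own `/var/lib/nginx` and `/var/log/nginx` only exist after `apk add`. If the entrypoint (outside this hunk) starts nginx as `musare`, it will be unable to write its pid, temp and log files and cannot bind a port below 1024 without extra capabilities; while still root, use `RUN apk add --no-cache nginx && chown -R musare:musare /run/nginx /var/lib/nginx /var/log/nginx` and confirm the nginx config listens on an unprivileged port. Pinning the nginx package version in that `apk add` would also keep the image reproducible across rebuilds.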