Skip to content

Commit

Permalink
Fix permission issues with Dockerfile nonroot implementation (#274)
Browse files Browse the repository at this point in the history
  • Loading branch information
tobiasehlert authored Mar 15, 2024
1 parent f64628b commit 67e6ab2
Showing 1 changed file with 13 additions and 12 deletions.
25 changes: 13 additions & 12 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# get golang container
FROM golang:1.22.1
FROM golang:1.22.1 AS builder

# get args
ARG apiVersion=unknown
Expand All @@ -21,23 +21,24 @@ RUN CGO_ENABLED=0 go build -ldflags="-w -s -X 'main.apiVersion=${apiVersion}'" -


# get alpine container
FROM alpine:3.19.1
FROM alpine:3.19.1 AS app

# create nonroot user
RUN addgroup -S nonroot \
&& adduser -S nonroot -G nonroot
# create workdir
WORKDIR /opt/app

# add ca-certificates
# add ca-certificates and tzdata
RUN apk --no-cache add ca-certificates tzdata

# create workdir
WORKDIR /root/
# create nonroot user and group
RUN addgroup -S nonroot && \
adduser -S nonroot -G nonroot && \
chown -R nonroot:nonroot .

# copy binary from first container
COPY --from=0 /go/src/app .
# set user to nonroot
USER nonroot:nonroot

# set user
USER nonroot
# copy binary from builder
COPY --from=builder --chown=nonroot:nonroot --chmod=544 /go/src/app .

# expose port 8080
EXPOSE 8080
Expand Down

0 comments on commit 67e6ab2

Please sign in to comment.