broodjeaap/go-watch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

better security in docker image

Browse source
This commit is contained in:
BroodjeAap 2023-04-09 12:17:03 +00:00
parent 61d7bf378c
commit 4b1d507456
1 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
Dockerfile
View file

@ -7,7 +7,10 @@ COPY go.sum ./
RUN apk add build-base && go mod download RUN apk add build-base && go mod download
COPY . ./ COPY ./models ./models
COPY ./notifiers ./notifiers
COPY ./web ./web
COPY ./main.go ./main.go
RUN GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /gowatch RUN GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /gowatch
@ -16,9 +19,16 @@ FROM alpine AS base
WORKDIR /app WORKDIR /app
COPY --from=builder /gowatch ./gowatch COPY --from=builder /gowatch /app/gowatch
RUN mkdir /config RUN mkdir /config
RUN addgroup -S gowatch && \
adduser -S gowatch -G gowatch && \
chown gowatch:gowatch /app && \
chown gowatch:gowatch /config
USER gowatch
ENV GOWATCH_DATABASE_DSN "/config/database.db" ENV GOWATCH_DATABASE_DSN "/config/database.db"
ENTRYPOINT ["./gowatch"] ENTRYPOINT ["/app/gowatch"]