Run as non-root
Closes #196
iaindillingham committed Jan 18, 2024
1 parent fe52f34 commit 0097dd2
Showing 3 changed files with 16 additions and 3 deletions.
7 changes: 7 additions & 0 deletions docker/Dockerfile
Expand Up @@ -154,6 +154,9 @@ LABEL org.opencontainers.image.created=$BUILD_DATE
ARG GITREF=unknown
LABEL org.opencontainers.image.revision=$GITREF

ARG USERID=10005
ARG GROUPID=10005
USER ${USERID}:${GROUPID}

##################################################
#
Expand All @@ -173,3 +176,7 @@ RUN --mount=type=cache,target=/root/.cache \

# Override ENTRYPOINT rather than CMD so we can pass arbitrary commands to the entrypoint script
ENTRYPOINT ["/app/docker/entrypoints/dev.sh"]

ARG USERID
ARG GROUPID
USER ${USERID}:${GROUPID}
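Review bot: The dev stage redeclares `ARG USERID` and `ARG GROUPID` without defaults before `USER ${USERID}:${GROUPID}`, so the non-root guarantee there depends on every build passing both args. docker-compose does pass them, but a direct build of the `actions-registry-dev` target may not, and whether the `10005` defaults from the earlier stage carry over depends on the `FROM` line, which is outside the hunk. If the values resolve to empty, the instruction becomes `USER :`, which presumably either fails or leaves the image on its default user; confirm which. Give the stage explicit defaults, `ARG USERID=10005` and `ARG GROUPID=10005`, or add a comment above the redeclaration such as `# USERID/GROUPID must be supplied via build args (see docker-compose.yaml); there is no default in this stage`.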
6 changes: 6 additions & 0 deletions docker/docker-compose.yaml
Expand Up @@ -44,11 +44,17 @@ services:
build:
# the dev stage in the Dockerfile
target: actions-registry-dev
# pass the uid/gid as build arg
args:
- USERID=${DEV_USERID:-1000}
- GROUPID=${DEV_GROUPID:-1000}
# paths relative to docker-compose.yaml file
env_file:
- ../.env
volumes:
- ..:/app
# provides a persistant inspectable cache for staticfiles
- ./staticfiles:/opt/staticfiles
# override command
command: python manage.py runserver 0.0.0.0:8000

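Review bot: The bind mount `./staticfiles:/opt/staticfiles` can become unwritable now that the container runs as `${DEV_USERID:-1000}`: if the host directory does not exist, the Docker daemon normally creates it owned by root. Writes to `/opt/staticfiles` may therefore fail with permission denied on a fresh checkout. Create the directory as the invoking user before compose starts (for example in the justfile), or keep it in the repository with a placeholder file. The `:-1000` fallback also matches the host user only by coincidence when compose is run without the justfile exports; a comment next to `args:` such as `# DEV_USERID/DEV_GROUPID are exported by the justfile; set them manually when calling docker compose directly so files written to the bind mounts keep host ownership` would make that requirement visible.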
6 changes: 3 additions & 3 deletions docker/justfile
@@ -1,9 +1,9 @@
export DOCKER_USERID := `id -u`
export DOCKER_GROUPID := `id -g`

# Load .env files by default
set dotenv-load := true

export DEV_USERID := `id -u`
export DEV_GROUPID := `id -g`

# enable modern docker build features
export DOCKER_BUILDKIT := "1"
export COMPOSE_DOCKER_CLI_BUILD := "1"