Switched to non-root container

2020-07-30 09:13:41 +08:00 · 2020-07-30 09:13:41 +08:00 · 2a42b9c19f
commit 2a42b9c19f
parent ed6848bc42
2 changed files with 17 additions and 9 deletions
--- a/24
+++ b/24
@ -1,13 +1,17 @@
 # Base on latest (edge) alpine image
-FROM harbor.ervine.dev/library/x86_64/alpine/alpine:3.12
+FROM harbor.ervine.dev/public/x86_64/alpine:v3.12

-MAINTAINER “Jonathan Ervine” <docker@ervine.org>
+LABEL maintainer="Jonathan Ervine <docker@ervine.org>"

 # Install updates
 ENV LANG='en_US.UTF-8' \
    LANGUAGE='en_US.UTF-8' \
    TERM='xterm' \
    VERSION='0.2.0.1504'
+    RADARR_USER='radarr' \
+    RADARR_GROUP='radarr' \
+    RADARR_UID='1003' \
+    RADARR_GID='1003'

 RUN echo http://dl-4.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories && \
  apk -U update && \
@ -15,12 +19,16 @@ RUN echo http://dl-4.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositorie
  apk -U add libmediainfo ca-certificates mono curl && \
  apk del make gcc g++ && \
  rm -rf /tmp/src && \
-  rm -rf /var/cache/apk/*
-
-ADD start.sh /usr/local/bin/start.sh
-
-RUN curl -SL https://github.com/Radarr/Radarr/releases/download/v$VERSION/Radarr.develop.$VERSION.linux.tar.gz | tar zxv
+  rm -rf /var/cache/apk/* && \
+  curl -SL https://github.com/Radarr/Radarr/releases/download/v$VERSION/Radarr.develop.$VERSION.linux.tar.gz | tar zxv && \
+  addgroup -g $RADARR_GID $RADARR_GROUP && \
+  adduser -D -u $RADARR_UID -G $RADARR_GROUP -H $RADARR_USER && \
+  chown -R $RADARR_USER:$RADARR_GROUP /Radarr

 EXPOSE 7878

-CMD [ "/usr/local/bin/start.sh" ]
+USER $RADARR_USER
+
+WORKDIR /Radarr
+
+CMD [ "/usr/bin/mono", "--debug", "/Radarr/Radarr.exe", "--nobrowser", "--data=/config" ]
--- a/2
+++ b/2
@ -27,7 +27,7 @@ spec:
    stage('Build with Kaniko') {
      git url: 'ssh://git@git.ervine.org/jonny/x86_64-alpine-radarr.git', credentialsId: 'jenkins-to-git'
      container('kaniko') {
-        sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd` --cache=true --destination=harbor.ervine.dev/library/x86_64/alpine/radarr:0.2.0.1504 --destination=harbor.ervine.dev/library/x86_64/alpine/radarr:0.2'
+        sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd` --cache=false --destination=harbor.ervine.dev/public/x86_64/alpine/radarr:v0.2.0.1504 --destination=harbor.ervine.dev/public/x86_64/alpine/radarr:v0.2'
      }
    }
  }