Run as non-root

Dockerfile

@@ -1,19 +1,26 @@
 FROM debian:buster-slim
 
-MAINTAINER “Jonathan Ervine” <docker@ervine.org>
+LABEL maintainer="Jonathan Ervine <docker@ervine.org>"
 
 # Set ENV variables
-ENV VERSION='1.16.1.02'
+ENV VERSION='1.16.1.02' \
+    BEDROCK_USER='bedrock' \
+    BEDROCK_UID='1003'
 
 # Install updates
 
-RUN apt update && apt upgrade -y
+RUN apt update && apt upgrade -y && \
-RUN apt install unzip curl -y
+    apt install unzip curl -y && \
-RUN mkdir /bedrock && cd /bedrock && curl -LO https://minecraft.azureedge.net/bin-linux/bedrock-server-$VERSION.zip && unzip bedrock-server-$VERSION.zip && rm bedrock-server-$VERSION.zip
+    mkdir /bedrock && cd /bedrock && \
+    curl -LO https://minecraft.azureedge.net/bin-linux/bedrock-server-$VERSION.zip && unzip bedrock-server-$VERSION.zip && \ 
+    rm bedrock-server-$VERSION.zip && \
+    addgroup $BEDROCK_USER && \
+    adduser --no-create-home --uid $BEDROCK_UID --ingroup $BEDROCK_USER --disabled-password --quiet --shell /bin/bash --gecos bedrock $BEDROCK_USER && \
+    chown -R $BEDROCK_USER:$BEDROCK_USER /bedrock
 
 ADD start.sh /usr/local/bin/
 
-EXPOSE 19133
+EXPOSE 19132 19132/udp
 VOLUME config
 
 CMD [ "/usr/local/bin/start.sh" ]

Jenkinsfile

@@ -27,7 +27,7 @@ spec:
     stage('Build with Kaniko') {
       git url: 'ssh://git@git.ervine.org/jonny/x86_64-debian-bedrock.git', credentialsId: 'jenkins-to-git'
       container('kaniko') {
-        sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd` --cache=true --destination=harbor.ervine.dev/library/x86_64/debian/bedrock:latest --destination=harbor.ervine.dev/library/x86_64/debian/bedrock:1.16.1.02'
+        sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd` --cache=false --destination=harbor.ervine.dev/public/x86_64/debian/bedrock:latest --destination=harbor.ervine.dev/public/x86_64/debian/bedrock:1.16.1.02'
       }
     }
   }