opdavies/build-configs
1
0
Fork 0
mirror of https://github.com/opdavies/build-configs.git synced 2025-02-02 13:57:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: use a non-root Docker user

Browse source 
Create a non-root `app` user within Docker that maps to default user
(uid 1000) on Linux-based systems.

Refs #10
This commit is contained in:
Oliver Davies 2023-02-19 12:58:51 +00:00
parent 1fb75c9d93
commit d66f34480a
2 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
templates/Dockerfile.twig
View file

@ -3,17 +3,27 @@ FROM php:{{ php.version }} AS base
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
RUN which composer && composer -V RUN which composer && composer -V
ARG DOCKER_UID=1000
ENV DOCKER_UID="${DOCKER_UID}"
WORKDIR /app WORKDIR /app
RUN adduser --disabled-password --uid "${DOCKER_UID}" app \
&& chown app:app -R /app
USER app
ENV PATH="${PATH}:/app/vendor/bin" ENV PATH="${PATH}:/app/vendor/bin"
COPY composer.* ./ COPY --chown=app:app composer.* ./
{% if dockerfile.stages.build %} {% if dockerfile.stages.build %}
################################################################################ ################################################################################
FROM {{ dockerfile.stages.build.extends }} AS build FROM {{ dockerfile.stages.build.extends }} AS build
USER root
{% if dockerfile.stages.build.packages %} {% if dockerfile.stages.build.packages %}
RUN apt-get update -yqq \ RUN apt-get update -yqq \
&& apt-get install -yqq --no-install-recommends \ && apt-get install -yqq --no-install-recommends \
@ -25,15 +35,17 @@ RUN docker-php-ext-install {{ dockerfile.stages.build.extensions.install | join(
{% endif %} {% endif %}
{% for directory in dockerfile.stages.build.extra_directories %} {% for directory in dockerfile.stages.build.extra_directories %}
COPY {{ directory }} {{ directory }} COPY --chown=app:app {{ directory }} {{ directory }}
{% endfor %} {% endfor %}
USER app
{% for command in dockerfile.stages.build.commands %} {% for command in dockerfile.stages.build.commands %}
RUN {{ command }} RUN {{ command }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
COPY tools/docker/images/php/root / COPY --chown=app:app tools/docker/images/php/root /
ENTRYPOINT ["/usr/local/bin/docker-entrypoint-php"] ENTRYPOINT ["/usr/local/bin/docker-entrypoint-php"]
CMD ["php-fpm"] CMD ["php-fpm"]
@ -43,7 +55,7 @@ CMD ["php-fpm"]
FROM {{ dockerfile.stages.test.extends }} AS test FROM {{ dockerfile.stages.test.extends }} AS test
COPY . . COPY --chown=app:app . .
RUN {% for command in dockerfile.stages.test.commands -%} RUN {% for command in dockerfile.stages.test.commands -%}
{% if not loop.first %} && {% endif %} {% if not loop.first %} && {% endif %}

2
templates/env.example.twig
View file

@ -1,3 +1,5 @@
DOCKER_UID=1000
{% if dockerCompose %} {% if dockerCompose %}
export COMPOSE_PROJECT_NAME={{ name }} export COMPOSE_PROJECT_NAME={{ name }}
export COMPOSE_PROFILES=web,php,database export COMPOSE_PROFILES=web,php,database