File tree Expand file tree Collapse file tree 1 file changed +29
-19
lines changed
Expand file tree Collapse file tree 1 file changed +29
-19
lines changed Original file line number Diff line number Diff line change 55# Apply security patches
66# hadolint ignore=DL3018
77RUN echo 'http://dl-3.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories \
8- && echo 'http://dl-3.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories \
9- && apk add --no-cache \
10- bash \
11- curl \
12- libressl \
13- mariadb-client \
14- mongodb-tools \
15- mysql \
16- postgresql \
17- tini \
18- && apk add --upgrade --no-cache \
19- db \
20- expat \
21- freetype \
22- fontconfig \
23- libpng \
24- ncurses \
25- zlib
8+ && echo 'http://dl-3.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories \
9+ && apk add --no-cache \
10+ bash \
11+ curl \
12+ libressl \
13+ mariadb-client \
14+ mongodb-tools \
15+ mysql \
16+ postgresql \
17+ tini \
18+ && apk add --upgrade --no-cache \
19+ db \
20+ expat \
21+ freetype \
22+ fontconfig \
23+ libpng \
24+ ncurses \
25+ zlib
2626
2727# RUN curl -sL https://sentry.io/get-cli/ | bash
2828
@@ -35,7 +35,17 @@ RUN python -m pip install --upgrade pip
3535RUN pip install setuptools==57.5.0
3636RUN pip install -r ./requirements.txt
3737
38- COPY ./docker-entrypoint.sh /
38+ # install sudo as root
39+ RUN apk add --no-cache --update sudo
40+
41+ # add new user
42+ RUN adduser -D myapp \
43+ && echo "myapp ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/myapp \
44+ && chmod 0440 /etc/sudoers.d/myapp
45+
46+ COPY --chown=myapp ./docker-entrypoint.sh /
47+ RUN mkdir /backups && chown myapp /backups
48+ USER myapp
3949
4050VOLUME ["/backups" ]
4151ENTRYPOINT ["/sbin/tini" , "--" ]
You can’t perform that action at this time.
0 commit comments