feat: non root

vrenaville · vrenaville · commit 0acde12d563d · 2024-03-27T10:39:39.000+01:00
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
@@ -0,0 +1,39 @@
+name: Test, build and push to github packages
+on:
+  pull_request:
+    branches:
+      - 'master'
+  push:
+    branches:
+      - '*'
+    tags:
+      - '*.*.*'
+
+jobs:
+  build-images:
+    if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set ENV for branch master/main
+        if: ${{ github.ref == 'refs/heads/master' }}
+        run: echo "RELEASE_VERSION=latest" >> $GITHUB_ENV
+      - name: Set ENV for tags
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+      - name: Set ENV for specific branch
+        if: ${{ startsWith(github.ref, 'refs/heads/') && !endsWith(github.ref, '/master') }}
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}-${GITHUB_SHA}" >> $GITHUB_ENV
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build Image Odoo Healthz
+        uses: docker/build-push-action@v2
+        with:
+          context: ./9.0
+          platforms: linux/amd64
+          push: true
+          tags: ghcr.io/${{ github.repository }}:${{ env.RELEASE_VERSION }}
diff --git a/9.0/Dockerfile b/9.0/Dockerfile
@@ -1,10 +1,11 @@
-FROM docker.io/nginx:1.25.1-bookworm
-MAINTAINER Camptocamp
+FROM nginxinc/nginx-unprivileged:bookworm 
 
-ADD https://github.com/kelseyhightower/confd/releases/download/v0.11.0/confd-0.11.0-linux-amd64 /usr/local/bin/confd
+ADD --chown=nginx:nginx https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd
 RUN chmod +x /usr/local/bin/confd
-
+USER root
 RUN mkdir -p /etc/confd/{conf.d,templates}
+RUN chown nginx:nginx /etc/confd/{conf.d,templates}
+USER nginx
 COPY conf.d /etc/confd/conf.d
 COPY templates /etc/confd/templates
 COPY docker-entrypoint.sh /docker-entrypoint.sh
diff --git a/9.0/templates/nginx.conf.tmpl b/9.0/templates/nginx.conf.tmpl
@@ -1,9 +1,8 @@
-user  nginx;
 
 worker_rlimit_nofile 1024;
 worker_processes 1;
 
-pid        /var/run/nginx.pid;
+pid        /tmp/nginx.pid;
 error_log  /var/log/nginx/error.log;
 
 events {
