Adjust Docker setup to run Rails without root

This commit is contained in:
Andreas Nedbal 2020-12-25 01:18:48 +01:00 committed by Andreas Nedbal
parent d5f61239ce
commit 388d34c9ce
1 changed files with 17 additions and 3 deletions

View File

@ -1,5 +1,10 @@
FROM ruby:2.7 FROM ruby:2.7
USER root
ARG UID=1000
ARG GID=1000
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
@ -14,9 +19,20 @@ RUN apt-get update -qq \
yarn \ yarn \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN mkdir /app RUN mkdir /app \
&& mkdir /cache
WORKDIR /app WORKDIR /app
RUN addgroup --gid ${GID} app \
&& adduser --gecos "" --disabled-password --shell /bin/bash --uid ${UID} --gid ${GID} app \
&& chown "${UID}:${GID}" -R /app/ \
&& chown "${UID}:${GID}" -R /cache/
COPY .docker/entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/entrypoint.sh
USER app:app
ADD Gemfile* /app/ ADD Gemfile* /app/
RUN bundle install --jobs=$(nproc) RUN bundle install --jobs=$(nproc)
RUN gem install ruby-debug-ide RUN gem install ruby-debug-ide
@ -27,8 +43,6 @@ RUN yarn install
COPY . /app COPY . /app
COPY .docker/entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"] ENTRYPOINT ["entrypoint.sh"]
EXPOSE 3000 EXPOSE 3000