docker: Upgrade base alpine packages, run glider as non-root (#314)

2025-02-23 01:15:41 +08:00 · 2022-03-10 22:48:22 -05:00 · 2022-03-10 22:48:22 -05:00 · 1b972af52c
commit 1b972af52c
parent c9c2ce995f
1 changed files with 13 additions and 3 deletions
--- a/.Dockerfile
+++ b/.Dockerfile
@ -23,7 +23,17 @@ RUN arch="$(apk --print-arch)"; \
    rm /dist -rf

 FROM alpine
-RUN apk add --no-cache ca-certificates
-COPY --from=build-env /app /app
+
 WORKDIR /app
+COPY --from=build-env /app /app
+
+RUN apk -U upgrade --no-cache \
+    && apk --no-cache add ca-certificates shadow \
+    && groupadd -g 1000 glider \
+    && useradd -r -u 1000 -g glider glider \
+    && apk --no-cache del shadow \
+    && chown -R glider:glider /app \
+    && chmod +x /app/glider
+    
+USER glider
 ENTRYPOINT ["./glider"]