Support for non-root container

Added glider user and group to final image. Support for running Glider container as non-root user. Build image is now pinned to Golang 1.16 to avoid future issues when 1.17 is released.
2025-04-21 19:52:07 +08:00 · 2021-04-20 21:17:53 -04:00 · 2021-04-20 21:17:53 -04:00 · 67c3ee47e4
commit 67c3ee47e4
parent f4cbf94d55
1 changed files with 21 additions and 9 deletions
--- a/30
+++ b/30
@ -1,13 +1,25 @@
-# build stage
-FROM golang:alpine AS build-env
-RUN apk --no-cache add build-base git gcc
-ADD . /src
-RUN cd /src && go build -v -ldflags "-s -w"
+# Build Stage
+FROM golang:1.16-alpine AS build-env

-# final stage
+ADD . /src
+
+RUN apk --no-cache add build-base git gcc \
+    && cd /src && go build -v -ldflags "-s -w"
+
+# Final Stage
 FROM alpine
-RUN apk -U upgrade --no-cache && \
-    apk add --no-cache bind-tools ca-certificates
-WORKDIR /app
+
 COPY --from=build-env /src/glider /app/
+
+RUN apk -U upgrade \
+    && apk add bind-tools ca-certificates shadow \
+    && groupadd -g 1000 glider \
+    && useradd -r -u 1000 -g glider glider \
+    && apk del shadow \
+    && chown -R glider:glider /app
+    && apk -v cache clean
+    
+WORKDIR /app
+USER glider
+
 ENTRYPOINT ["./glider"]