suyiiyii/yq
1
0
Fork 0
mirror of https://github.com/mikefarah/yq.git synced 2024-11-12 05:38:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Dockerfile

Browse Source 
Adding group:user to fix (CIS_Docker_v1.2.0 - 4.1) Image should be created with a non-root user
This commit is contained in:
Daniel Vystrcil 2021-06-15 20:40:39 -07:00 committed by Mike Farah
parent 4a08ca6e29
commit 5df0e49b1e
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Dockerfile
View File

@ -14,12 +14,19 @@ RUN CGO_ENABLED=0 make local build
# CI tools expect an interactive shell inside the container # CI tools expect an interactive shell inside the container
FROM alpine:3.13.5 as production FROM alpine:3.13.5 as production
RUN mkdir /home/yq/
RUN addgroup -g 1000 yq && \
adduser -u 1000 -G yq -s /bin/bash -h /home/yq -D yq
RUN chown -R yq:yq /home/yq/
COPY --from=builder /go/src/mikefarah/yq/yq /usr/bin/yq COPY --from=builder /go/src/mikefarah/yq/yq /usr/bin/yq
RUN chmod +x /usr/bin/yq RUN chmod +x /usr/bin/yq
ARG VERSION=none ARG VERSION=none
LABEL version=${VERSION} LABEL version=${VERSION}
USER yq
WORKDIR /workdir WORKDIR /workdir
ENTRYPOINT ["/usr/bin/yq"] ENTRYPOINT ["/usr/bin/yq"]