Update Dockerfile

Adding group:user to fix (CIS_Docker_v1.2.0 - 4.1) Image should be created with a non-root user
2024-11-12 05:38:04 +00:00 · 2021-06-15 20:40:39 -07:00 · 2021-06-15 20:40:39 -07:00 · 5df0e49b1e
commit 5df0e49b1e
parent 4a08ca6e29
1 changed files with 7 additions and 0 deletions
--- a/7
+++ b/7
@ -14,12 +14,19 @@ RUN CGO_ENABLED=0 make local build
 # CI tools expect an interactive shell inside the container
 FROM alpine:3.13.5 as production

+RUN mkdir /home/yq/
+RUN addgroup -g 1000 yq && \
+    adduser -u 1000 -G yq -s /bin/bash -h /home/yq -D yq
+RUN chown -R yq:yq /home/yq/
+
 COPY --from=builder /go/src/mikefarah/yq/yq /usr/bin/yq
 RUN chmod +x /usr/bin/yq

 ARG VERSION=none
 LABEL version=${VERSION}

+USER yq
+
 WORKDIR /workdir

 ENTRYPOINT ["/usr/bin/yq"]