Set Docker permissions during the build process (#6514)

* Set Docker permissions during the build process * Remove docker_entrypoint.sh and use COPY with chown
2018-02-20 17:25:01 +01:00 · 2018-02-20 17:25:01 +01:00 · be9bab171d
commit be9bab171d
parent 7124881273
2 changed files with 9 additions and 21 deletions
--- a/16
+++ b/16
@ -3,8 +3,10 @@ FROM ruby:2.5.0-alpine3.7
 LABEL maintainer="https://github.com/tootsuite/mastodon" \
      description="A GNU Social-compatible microblogging server"

-ENV UID=991 GID=991 \
-    RAILS_SERVE_STATIC_FILES=true \
+ARG UID=991
+ARG GID=991
+
+ENV RAILS_SERVE_STATIC_FILES=true \
    RAILS_ENV=production NODE_ENV=production

 ARG YARN_VERSION=1.3.2
@ -68,12 +70,12 @@ RUN bundle config build.nokogiri --with-iconv-lib=/usr/local/lib --with-iconv-in
 && yarn --pure-lockfile \
 && yarn cache clean

-COPY . /mastodon
+RUN addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon

-COPY docker_entrypoint.sh /usr/local/bin/run
-
-RUN chmod +x /usr/local/bin/run
+COPY --chown=${UID}:${GID} . /mastodon

 VOLUME /mastodon/public/system /mastodon/public/assets /mastodon/public/packs

-ENTRYPOINT ["/usr/local/bin/run"]
+USER mastodon
+
+ENTRYPOINT ["/sbin/tini", "--"]