commit be3d999c21850425cd5fb573726941e780950370
parent 67106c9dc4b2139878ba1fc44ef268f0a4efd804
Author: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Sat, 19 Nov 2022 10:18:01 +0100
[chore] Little Dockerfile updates (#1071)
* [chore] Little Dockerfile updates
* update comment on USER directive (thanks chris)
Diffstat:
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,6 @@
# syntax=docker/dockerfile:1.3
+# Dockerfile reference: https://docs.docker.com/engine/reference/builder/
+
# stage 1: generate up-to-date swagger.yaml to put in the final container
FROM --platform=${BUILDPLATFORM} quay.io/goswagger/swagger:v0.30.0 AS swagger
@@ -20,6 +22,20 @@ RUN yarn install --cwd web/source && \
# stage 3: build the executor container
FROM --platform=${TARGETPLATFORM} alpine:3.15.4 as executor
+# switch to non-root user:group for GtS
+USER 1000:1000
+
+# Because we're doing multi-arch builds we can't easily do `RUN mkdir [...]`
+# but we can hack around that by having docker's WORKDIR make the dirs for
+# us, as the user created above.
+#
+# See https://docs.docker.com/engine/reference/builder/#workdir
+#
+# First make sure storage exists + is owned by 1000:1000, then go back
+# to just /gotosocial, where we'll run from
+WORKDIR "/gotosocial/storage"
+WORKDIR "/gotosocial"
+
# copy the dist binary created by goreleaser or build.sh
COPY --chown=1000:1000 gotosocial /gotosocial/gotosocial
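Review bot: The comment above the two WORKDIR lines says the directories are made "as the user created above", but this stage creates no user; `USER 1000:1000` only selects a numeric uid:gid. Whether WORKDIR-created directories take that owner depends on the builder. The BuildKit frontend selected by the `# syntax=` line applies the current USER, while the classic builder has, as far as I know, created them as root, which would leave /gotosocial/storage unwritable for the server. I would reword the line to `# us, owned by the uid:gid set by USER above (relies on BuildKit).` and add a CI check that the built image's /gotosocial/storage is owned by 1000:1000. The executor stage continues past the end of this hunk.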
@@ -27,5 +43,5 @@ COPY --chown=1000:1000 gotosocial /gotosocial/gotosocial
COPY --chown=1000:1000 --from=bundler web /gotosocial/web
COPY --chown=1000:1000 --from=swagger /go/src/github.com/superseriousbusiness/gotosocial/swagger.yaml web/assets/swagger.yaml
-WORKDIR "/gotosocial"
+VOLUME [ "/gotosocial/storage" ]
ENTRYPOINT [ "/gotosocial/gotosocial", "server", "start" ]
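Review bot: With `VOLUME [ "/gotosocial/storage" ]` and a non-root USER, only Docker-managed volumes are seeded with the image's 1000:1000 ownership. A host directory bind-mounted over that path keeps its host ownership, so the server may be unable to write to it. A comment above the line would tell operators this, for example `# bind mounts over this path must be writable by uid:gid 1000:1000`. Separately, the swagger.yaml COPY in this hunk uses a relative destination, which resolves under /gotosocial only because WORKDIR is now set earlier in the stage. Writing it as `/gotosocial/web/assets/swagger.yaml` would remove that dependence on instruction order.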