Set Docker permissions during the build process (#6514)

* Set Docker permissions during the build process * Remove docker_entrypoint.sh and use COPY with chown
author: Eugen Rochko <eugen@zeonfederated.com> 2018-02-20 17:25:01 +0100
committer: GitHub <noreply@github.com> 2018-02-20 17:25:01 +0100
commit: be9bab171dc2b1fe43bc742decb71f64541ca347 (patch)
tree: 32019e1126c55f5a3172c271ba945320f34bcb17 /Dockerfile
parent: 712488127380dbdd5bde2783d98f0e9793f4d97b (diff)
1 files changed, 9 insertions, 7 deletions
diff --git a/Dockerfile b/Dockerfile
index 765df58c250..628941dda34 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,10 @@ FROM ruby:2.5.0-alpine3.7
 LABEL maintainer="https://github.com/tootsuite/mastodon" \
       description="A GNU Social-compatible microblogging server"
 
-ENV UID=991 GID=991 \
-    RAILS_SERVE_STATIC_FILES=true \
+ARG UID=991
+ARG GID=991
+
+ENV RAILS_SERVE_STATIC_FILES=true \
     RAILS_ENV=production NODE_ENV=production
 
 ARG YARN_VERSION=1.3.2
@@ -68,12 +70,12 @@ RUN bundle config build.nokogiri --with-iconv-lib=/usr/local/lib --with-iconv-in
  && yarn --pure-lockfile \
  && yarn cache clean
 
-COPY . /mastodon
-
-COPY docker_entrypoint.sh /usr/local/bin/run
+RUN addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon
 
-RUN chmod +x /usr/local/bin/run
+COPY --chown=${UID}:${GID} . /mastodon
 
 VOLUME /mastodon/public/system /mastodon/public/assets /mastodon/public/packs
 
-ENTRYPOINT ["/usr/local/bin/run"]
+USER mastodon
+
+ENTRYPOINT ["/sbin/tini", "--"]
author	Eugen Rochko <eugen@zeonfederated.com>	2018-02-20 17:25:01 +0100
committer	GitHub <noreply@github.com>	2018-02-20 17:25:01 +0100
commit	be9bab171dc2b1fe43bc742decb71f64541ca347 (patch)
tree	32019e1126c55f5a3172c271ba945320f34bcb17 /Dockerfile
parent	712488127380dbdd5bde2783d98f0e9793f4d97b (diff)