feat: switch to rootless runs + refactor
* build as root but run the container as UID/GID 1000 * db expose only on localhost * docker-compose mount $PWD for easy local debugging
parent
1489069c5c
commit
82d075dd01
|
@ -1,4 +1,8 @@
|
|||
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-alpine
|
||||
ENV UID 1000
|
||||
ENV GID 1000
|
||||
ENV UNAME unpriv
|
||||
RUN adduser -D -u ${UID} -g ${GID} -H ${UNAME} -h /src
|
||||
WORKDIR /src
|
||||
|
||||
COPY global.json ./
|
||||
|
@ -14,5 +18,7 @@ RUN dotnet publish -c Release -o bin/out
|
|||
FROM mcr.microsoft.com/dotnet/aspnet:3.1
|
||||
WORKDIR /App
|
||||
COPY --from=0 /src/bin/out/ .
|
||||
RUN chown -R ${UID}:${GID} ./
|
||||
USER ${UNAME}
|
||||
ENV ASPNETCORE_ENVIRONMENT=Release
|
||||
ENTRYPOINT ["dotnet", "pwt-0x01-ng.dll"]
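Review bot: The final stage (`FROM mcr.microsoft.com/dotnet/aspnet:3.1`) uses `${UID}`, `${GID}` and `${UNAME}`, but the `ENV` lines and the `adduser` call sit in the first stage, and neither environment variables nor account entries carry over into a later stage. As written, `RUN chown -R ${UID}:${GID} ./` expands to `chown -R : ./` and `USER ${UNAME}` has no name to switch to, so the image most likely either fails to build or still runs as root. The runtime stage does not need a named account; numeric IDs are enough: `COPY --from=0 --chown=1000:1000 /src/bin/out/ .` followed by `USER 1000:1000`, which also drops the separate `chown` layer. If a named user is wanted, it has to be created inside this stage, which is not Alpine-based, with the variables redeclared after the second `FROM`.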
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-alpine
|
||||
ENV UID 1000
|
||||
ENV GID 1000
|
||||
ENV UNAME unpriv
|
||||
RUN adduser -D -u ${UID} -g ${GID} -H ${UNAME} -h /src
|
||||
WORKDIR /src
|
||||
|
||||
COPY global.json ./
|
||||
|
@ -10,6 +14,8 @@ RUN dotnet restore
|
|||
COPY . ./
|
||||
RUN sed -i 's/3.1.110/3.1.404/' global.json
|
||||
RUN dotnet build -c Debug -o bin/out
|
||||
RUN chown -R ${UID}:${GID} ./ /root/
|
||||
USER ${UNAME}
|
||||
|
||||
ENV ASPNETCORE_ENVIRONMENT=Development
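Review bot: In `RUN adduser -D -u ${UID} -g ${GID} -H ${UNAME} -h /src`, BusyBox `adduser` (the Alpine base) treats `-g` as the GECOS comment field, not the group ID; the group is selected with `-G`. The account therefore gets whatever same-named group `adduser` creates, and the later `chown -R ${UID}:${GID} ./ /root/` only matches it if that group happens to receive GID 1000. Creating the group explicitly makes this deterministic: `RUN addgroup -g ${GID} ${UNAME} && adduser -D -u ${UID} -G ${UNAME} -H -h /src ${UNAME}`. The same `adduser` line appears in the first hunk of the other Dockerfile. Handing all of `/root/` to the unprivileged user is also broader than needed; a comment naming what under `/root` the run step requires would make it possible to narrow this later.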
|
||||
|
||||
|
|
|
@ -7,6 +7,8 @@ services:
|
|||
dockerfile: Dockerfile.dev
|
||||
ports:
|
||||
- 127.0.0.1:8001:5000
|
||||
volumes:
|
||||
- $PWD:/src
|
||||
environment:
|
||||
ASPNETCORE_ENVIRONMENT: Development
|
||||
DB_CONNECTION_STRING: "User ID=postgres;Password=679968312e029a806c1905c40ec331aa199a1eb86bd0b9eb04057933e449bdc9ef8ef292a39b68cafa5689c901a17266;Server=db;Port=5432;Database=pwt;Integrated Security=true;Pooling=true;"
|
||||
|
@ -21,7 +23,7 @@ services:
|
|||
container_name: 'db'
|
||||
image: postgres:13.1-alpine
|
||||
ports:
|
||||
- 5432:5432
|
||||
- 127.0.0.1:5432:5432
|
||||
volumes:
|
||||
- dbdata:/var/lib/postgresql/data
|
||||
environment:
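Review bot: The new `- $PWD:/src` bind mount replaces everything the image built under `/src`, so the `chown` to UID 1000 done in Dockerfile.dev no longer applies at run time and the container sees the host files with host ownership. If the host user is not UID 1000 the unprivileged process probably cannot write there, and when it can, the container has read-write access to the whole checkout. A comment next to the mount should state the UID 1000 assumption, and `- .:/src` avoids depending on `PWD` being exported by the calling shell. Separately, the context line `DB_CONNECTION_STRING` keeps the database password inline in the compose file; this commit does not introduce it, but moving it to an `env_file` kept out of version control would fit the hardening this change is aiming for.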
|
||||
|
|