Fix Dockerfile: create /data as root before switching to appuser
Some checks failed
Build and Deploy DevOpsDash / build-image (push) Has been cancelled
Some checks failed
Build and Deploy DevOpsDash / build-image (push) Has been cancelled
mkdir /data was running after USER appuser — no permission to write to /. Move mkdir + chown into the same RUN layer before USER switch.
This commit is contained in:
Henrik Jess Nielsen
@@ -9,13 +9,12 @@ RUN pip install --no-cache-dir -r requirements.txt
|
|||||||
# Copy app
|
# Copy app
|
||||||
COPY app/ app/
|
COPY app/ app/
|
||||||
|
|
||||||
# Non-root user
|
# Data dir (will be bind-mounted read-only in production) + non-root user
|
||||||
RUN useradd -r -u 1001 appuser && chown -R appuser /app
|
RUN mkdir -p /data && \
|
||||||
|
useradd -r -u 1001 appuser && \
|
||||||
|
chown -R appuser /app /data
|
||||||
USER appuser
|
USER appuser
|
||||||
|
|
||||||
# Data dir (will be bind-mounted read-only in production)
|
|
||||||
RUN mkdir -p /data
|
|
||||||
|
|
||||||
EXPOSE 8001
|
EXPOSE 8001
|
||||||
|
|
||||||
ENV PORT=8001
|
ENV PORT=8001
|
||||||
|
|||||||
Reference in New Issue
Block a user