Merge #1759

1759: Feature docker as non root r=curquiza a=igaul This closes #1757 . Adding a non root user with default name meiliuser. Co-authored-by: gaul@pdx.edu <gaul@pdx.edu> Co-authored-by: igaul <40813772+igaul@users.noreply.github.com> Co-authored-by: Clémentine Urquizar <clementine@meilisearch.com>
2024-11-23 02:27:40 +08:00 · 2021-10-14 12:45:49 +00:00 · 2021-10-14 12:45:49 +00:00 · d107b3f46c
commit d107b3f46c
parent fd4a90549b 44149bec60
1 changed files with 9 additions and 2 deletions
--- a/11
+++ b/11
@ -35,11 +35,18 @@ RUN     $HOME/.cargo/bin/cargo build --release
 # Run
 FROM    alpine:3.14

-RUN     apk add -q --no-cache libgcc tini curl
+ARG     USER=meili
+ENV     HOME /home/${USER}
+ENV     MEILI_HTTP_ADDR 0.0.0.0:7700

+# download runtime deps as root and create ${USER}
+RUN     apk add -q --no-cache libgcc tini curl \
+        && adduser -D ${USER}
+WORKDIR ${HOME}
+USER    ${USER}
+# copy file as ${USER} to ${HOME}
 COPY    --from=compiler /meilisearch/target/release/meilisearch .

-ENV     MEILI_HTTP_ADDR 0.0.0.0:7700
 EXPOSE  7700/tcp

 ENTRYPOINT ["tini", "--"]