Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: refactor Dockerfile for security and efficiency
- Add a `.dockerignore` file to the repo.
- Update various actions in the Docker workflow to new versions.
- Add steps for setting up QEMU and Docker Buildx in the Docker workflow.
- Update build and push step to use a Dockerfile, add a `final` target, and specify `linux/amd64` as the platform.
- Refactor Dockerfile to use a `latest` tag and add the option for a user ID argument.
- Add several directories in the Dockerfile and set permissions.
- Add a lightweight init system to handle signals and reap processes.
- Update file ownership and permissions when copying the bash scripts to the Docker container.
- Add a step to switch the user in the Dockerfile.
- Change the entrypoint of the Dockerfile to use the added lightweight init system `dumb-init`.

Signed-off-by: 陳鈞 <jim60105@gmail.com>
Showing 3 changed files with 42 additions and 15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
**/LICENSE | ||
**/*.md | ||
**/.hadolint.yml | ||
**/node_modules | ||
**/*.log | ||
**/.git | ||
**/.gitignore | ||
**/.env | ||
**/.github | ||
**/.vscode | ||
**/bin | ||
**/obj | ||
**/dist |
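Review bot: `**/.env` matches only files named exactly `.env`, so variants such as `.env.local` or `.env.production` would still be sent in the build context. Since the Dockerfile in this commit copies a single file (`azure-uploader.sh`), an allowlist is tighter than this denylist: ignore everything with `*` and re-include the script with `!azure-uploader.sh`, so that any new file added to the repo stays out of the context by default.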
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,21 +1,28 @@ | ||
FROM mcr.microsoft.com/azure-cli | ||
# syntax=docker/dockerfile:1 | ||
ARG UID=1001 | ||
|
||
# Set the working directory | ||
FROM mcr.microsoft.com/azure-cli:latest as final | ||
|
||
ARG UID | ||
|
||
RUN install -d -m 774 -o $UID -g 0 /app && \ | ||
install -d -m 774 -o $UID -g 0 /.azure | ||
WORKDIR /app | ||
|
||
# Copy the bash script into the container | ||
COPY azure-uploader.sh . | ||
ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /bin/dumb-init | ||
RUN chmod +x /bin/dumb-init | ||
|
||
# Set the script as executable | ||
RUN chmod +x azure-uploader.sh | ||
# Copy the bash script into the container | ||
COPY --chown=$UID:0 --chmod=774 \ | ||
azure-uploader.sh . | ||
|
||
# Set environment variables | ||
ENV STORAGE_ACCOUNT_NAME="" | ||
ENV STORAGE_ACCOUNT_KEY="" | ||
ENV CONTAINER_NAME="" | ||
ENV DESTINATION_DIRECTORY="" | ||
|
||
USER $UID | ||
VOLUME [ "/sharedvolume" ] | ||
|
||
# Execute the script with provided settings | ||
ENTRYPOINT ["./azure-uploader.sh"] | ||
ENTRYPOINT [ "dumb-init", "--", "./azure-uploader.sh" ] |
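Review bot: the `ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /bin/dumb-init` line fetches a binary that ends up as PID 1 without any integrity check. Pin it with `ADD --checksum=sha256:<digest of the release asset>` (supported by the `docker/dockerfile:1` syntax this file already requests); the same instruction can take `--chmod=755`, which removes the need for the separate `RUN chmod +x /bin/dumb-init` layer. The same pinning concern applies to `FROM mcr.microsoft.com/azure-cli:latest`: a mutable tag means the base image can change between builds, so prefer a fixed version tag or an `@sha256:` digest.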