faas-rs/faas
1
0
Fork 0
mirror of https://github.com/openfaas/faas.git synced 2025-06-09 16:56:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

update dockerfile to add user

Browse Source 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
This commit is contained in:
Carlos Panato 2019-05-07 09:05:46 +02:00 committed by Alex Ellis
parent 6d8ebc65f1
commit 86b37acae7
1 changed files with 37 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
sample-functions/ApiKeyProtected-Secrets/Dockerfile
View File

@ -1,26 +1,48 @@
FROM golang:1.9.7-alpine as builder FROM golang:1.10.4-alpine3.8 as builder
MAINTAINER alex@openfaas.com # Allows you to add additional packages via build-arg
ENTRYPOINT [] ARG ADDITIONAL_PACKAGE
ARG CGO_ENABLED=0
RUN apk --no-cache add make curl \ RUN apk --no-cache add curl ${ADDITIONAL_PACKAGE} \
&& curl -sL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \ && echo "Pulling watchdog binary from Github." \
&& chmod +x /usr/bin/fwatchdog && curl -sSL https://github.com/openfaas/faas/releases/download/0.13.0/fwatchdog > /usr/bin/fwatchdog \
&& chmod +x /usr/bin/fwatchdog \
&& apk del curl --no-cache
WORKDIR /go/src/github.com/openfaas/faas/sample-functions/ApiKeyProtected WORKDIR /go/src/handler
COPY . .
COPY handler.go . # Run a gofmt and exclude all vendored code.
# COPY vendor vendor RUN test -z "$(gofmt -l $(find . -type f -name '*.go' -not -path "./vendor/*" -not -path "./function/vendor/*"))" || { echo "Run \"gofmt -s -w\" on your Golang code"; exit 1; }
RUN go install RUN CGO_ENABLED=${CGO_ENABLED} GOOS=linux \
go build --ldflags "-s -w" -a -installsuffix cgo -o handler . && \
go test $(go list ./... | grep -v /vendor/) -cover
FROM alpine:3.8 FROM alpine:3.8
# Needed to reach the hub
RUN apk --no-cache add ca-certificates RUN apk --no-cache add ca-certificates
COPY --from=builder /usr/bin/fwatchdog /usr/bin/fwatchdog # Add non root user
COPY --from=builder /go/bin/ApiKeyProtected /usr/bin/ApiKeyProtected RUN addgroup -S app && adduser -S -g app app
RUN mkdir -p /home/app
WORKDIR /home/app
COPY --from=builder /usr/bin/fwatchdog .
COPY --from=builder /go/src/handler/function/ .
COPY --from=builder /go/src/handler/handler .
ENV fprocess "/usr/bin/ApiKeyProtected" ENV fprocess "/usr/bin/ApiKeyProtected"
CMD ["/usr/bin/fwatchdog"] RUN chown -R app /home/app
USER app
ENV fprocess="./handler"
EXPOSE 8080
HEALTHCHECK --interval=3s CMD [ -e /tmp/.lock ] || exit 1
CMD ["./fwatchdog"]