[chore] Little Dockerfile updates (#1071)

* [chore] Little Dockerfile updates * update comment on USER directive (thanks chris)
2022-11-19 10:18:01 +01:00 · 2022-11-19 10:18:01 +01:00 · be3d999c21
parent 67106c9dc4
commit be3d999c21
1 changed files with 17 additions and 1 deletions
--- a/18
+++ b/18
@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:1.3
+# Dockerfile reference: https://docs.docker.com/engine/reference/builder/
+
 # stage 1: generate up-to-date swagger.yaml to put in the final container
 FROM --platform=${BUILDPLATFORM} quay.io/goswagger/swagger:v0.30.0 AS swagger

@ -20,6 +22,20 @@ RUN yarn install --cwd web/source && \
 # stage 3: build the executor container
 FROM --platform=${TARGETPLATFORM} alpine:3.15.4 as executor

+# switch to non-root user:group for GtS
+USER 1000:1000
+
+# Because we're doing multi-arch builds we can't easily do `RUN mkdir [...]`
+# but we can hack around that by having docker's WORKDIR make the dirs for
+# us, as the user created above.
+#
+# See https://docs.docker.com/engine/reference/builder/#workdir
+#
+# First make sure storage exists + is owned by 1000:1000, then go back
+# to just /gotosocial, where we'll run from
+WORKDIR "/gotosocial/storage"
+WORKDIR "/gotosocial"
+
 # copy the dist binary created by goreleaser or build.sh
 COPY --chown=1000:1000 gotosocial /gotosocial/gotosocial

@ -27,5 +43,5 @@ COPY --chown=1000:1000 gotosocial /gotosocial/gotosocial
 COPY --chown=1000:1000 --from=bundler web /gotosocial/web
 COPY --chown=1000:1000 --from=swagger /go/src/github.com/superseriousbusiness/gotosocial/swagger.yaml web/assets/swagger.yaml

-WORKDIR "/gotosocial"
+VOLUME [ "/gotosocial/storage" ]
 ENTRYPOINT [ "/gotosocial/gotosocial", "server", "start" ]