From 6935bdeeb2940bf232764d803d7485ddcfb4ca37 Mon Sep 17 00:00:00 2001
From: The_Spider <nhyatt@smoothnet.org>
Date: Fri, 25 Mar 2022 09:46:05 -0500
Subject: [PATCH] adds user to run as noin-root

---
 build-icecast.jenkins | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/build-icecast.jenkins b/build-icecast.jenkins
index 919811e..b072328 100644
--- a/build-icecast.jenkins
+++ b/build-icecast.jenkins
@@ -6,9 +6,23 @@ def repositoryCreds = "harbor-repository-creds"
 def dockerFile = """FROM ${repository}/dockerhub/library/alpine:latest
 
 LABEL org.opencontainers.image.authors="The_Spider <spider@smoothnet.org>"
+LABEL org.opencontainers.image.title="icecast"
+LABEL org.opencontainers.image.description="Docker Container providing services for IceCast"
+LABEL org.opencontainers.image.base.name="docker.io/library/alpine/latest"
 
-RUN apk add --no-cache icecast && \
-    mkdir /icecast
+ENV CONFIG_FILE="/etc/icecast.xml"
+
+RUN apk add --no-cache icecast && \\
+    addgroup -S -g 1000 icecast && \\
+    adduser --disabled-password -G icecast --gecos "application account" --home "/icecast" --shell "/sbin/nologin" --uid 1000 icecast && \\
+    mkdir /icecast && \\
+    chown icecast:icecast /icecast
+
+USER icecast
+
+RUNAS icecast
+
+CMD ["/bin/sh", "-c", "icecast -c \\"${CONFIG_FILE}\\""]
 """
 
 def label = "kubernetes-${UUID.randomUUID().toString()}"