nhyatt/build-containers
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

adds user to run as noin-root

Browse Source
This commit is contained in:
Hyatt 2022-03-25 09:46:05 -05:00
parent 743c7c65dd
commit 6935bdeeb2
Signed by: nhyatt
GPG Key ID: C50D0BBB5BC40BEA
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
build-icecast.jenkins
View File

@ -6,9 +6,23 @@ def repositoryCreds = "harbor-repository-creds"
def dockerFile = """FROM ${repository}/dockerhub/library/alpine:latest def dockerFile = """FROM ${repository}/dockerhub/library/alpine:latest
LABEL org.opencontainers.image.authors="The_Spider <spider@smoothnet.org>" LABEL org.opencontainers.image.authors="The_Spider <spider@smoothnet.org>"
LABEL org.opencontainers.image.title="icecast"
LABEL org.opencontainers.image.description="Docker Container providing services for IceCast"
LABEL org.opencontainers.image.base.name="docker.io/library/alpine/latest"
RUN apk add --no-cache icecast && \ ENV CONFIG_FILE="/etc/icecast.xml"
mkdir /icecast
RUN apk add --no-cache icecast && \\
addgroup -S -g 1000 icecast && \\
adduser --disabled-password -G icecast --gecos "application account" --home "/icecast" --shell "/sbin/nologin" --uid 1000 icecast && \\
mkdir /icecast && \\
chown icecast:icecast /icecast
USER icecast
RUNAS icecast
CMD ["/bin/sh", "-c", "icecast -c \\"${CONFIG_FILE}\\""]
""" """
def label = "kubernetes-${UUID.randomUUID().toString()}" def label = "kubernetes-${UUID.randomUUID().toString()}"