adds user to run as noin-root

2022-03-25 09:46:05 -05:00 · 2022-03-25 09:46:05 -05:00 · 6935bdeeb2
commit 6935bdeeb2
parent 743c7c65dd
1 changed files with 16 additions and 2 deletions
--- a/build-icecast.jenkins
+++ b/build-icecast.jenkins
@ -6,9 +6,23 @@ def repositoryCreds = "harbor-repository-creds"
 def dockerFile = """FROM ${repository}/dockerhub/library/alpine:latest

 LABEL org.opencontainers.image.authors="The_Spider <spider@smoothnet.org>"
+LABEL org.opencontainers.image.title="icecast"
+LABEL org.opencontainers.image.description="Docker Container providing services for IceCast"
+LABEL org.opencontainers.image.base.name="docker.io/library/alpine/latest"

-RUN apk add --no-cache icecast && \
-    mkdir /icecast
+ENV CONFIG_FILE="/etc/icecast.xml"
+
+RUN apk add --no-cache icecast && \\
+    addgroup -S -g 1000 icecast && \\
+    adduser --disabled-password -G icecast --gecos "application account" --home "/icecast" --shell "/sbin/nologin" --uid 1000 icecast && \\
+    mkdir /icecast && \\
+    chown icecast:icecast /icecast
+
+USER icecast
+
+RUNAS icecast
+
+CMD ["/bin/sh", "-c", "icecast -c \\"${CONFIG_FILE}\\""]
 """

 def label = "kubernetes-${UUID.randomUUID().toString()}"