This is an automated email from the ASF dual-hosted git repository.

mshuler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cassandra-website.git


The following commit(s) were added to refs/heads/master by this push:
     new 8c5f3d5  Run container build steps as non-root user
     new 06eb3ba  Merge pull request #2 from mshuler/docker-as-user
8c5f3d5 is described below

commit 8c5f3d57dd9f313d0b81e5a429e5c99120fed036
Author: Michael Shuler <[email protected]>
AuthorDate: Fri Mar 6 12:16:16 2020 -0600

    Run container build steps as non-root user
---
 Dockerfile                        | 25 ++++++++++++++++++++-----
 README.md                         |  7 +++++++
 docker-compose.yml                | 16 ++++++++--------
 docker-entrypoint-jekyll-serve.sh |  6 ++++--
 docker-entrypoint.sh              |  2 +-
 5 files changed, 40 insertions(+), 16 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 99c312f..8ddb50d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,18 @@
 FROM debian:stretch
 
+# Set up non-root user, 'build', with default uid:gid
+# This allows passing --build-arg to use local host user's uid:gid:
+#   $ docker-compose build \
+#     --build-arg UID=$(id -u) \
+#     --build-arg GID=$(id -g) \
+#     cassandra-website
+ARG UID=1000
+ARG GID=1000
+RUN echo "Setting up user 'build' with UID=${UID} GID=${GID}"
+RUN groupadd --gid $GID --non-unique build
+RUN useradd --create-home --shell /bin/bash \
+    --uid $UID --gid $GID --non-unique build
+
 # Install tools
 RUN apt-get update && \
     apt-get install -y \
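Review bot: `--non-unique` on both `groupadd` and `useradd` means the `UID`/`GID` build args are accepted whatever their value, including 0. A build run as root with `--build-arg UID=$(id -u)` would then produce a `build` account that is root under another name, and the later `USER build` would no longer drop privileges. A guard ahead of the account creation would reject that, e.g. `RUN [ "${UID}" -gt 0 ] && [ "${GID}" -gt 0 ]`, and the expansions are safer quoted (`--uid "${UID}" --gid "${GID}"`). The `echo` line and the two account commands could also share one `RUN` to avoid extra layers. The `apt-get` RUN at the end of the hunk continues outside it.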
@@ -26,16 +39,18 @@ RUN gem install bundler && \
     bundle install && \
     rm /Gemfile /Gemfile.lock
 
-ENV CASSANDRA_DIR="/usr/src/cassandra"
+# Run as build user from here
+USER build
+
+ENV CASSANDRA_DIR="/home/build/cassandra"
 
 # Setup repositories to building the docs
-RUN mkdir -p /usr/src/cassandra-site && \
+RUN mkdir -p /home/build/cassandra-site && \
     git clone https://gitbox.apache.org/repos/asf/cassandra.git 
${CASSANDRA_DIR}
 
 EXPOSE 4000/tcp
 
-COPY docker-entrypoint.sh /
-RUN chmod +x /docker-entrypoint.sh
-ENTRYPOINT ["/docker-entrypoint.sh"]
+COPY docker-entrypoint.sh /home/build/
+ENTRYPOINT ["/home/build/docker-entrypoint.sh"]
 
 CMD [""]
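Review bot: `COPY docker-entrypoint.sh /home/build/` places the entrypoint in a directory that the `build` user presumably owns (via `useradd --create-home`). A process in the container can therefore unlink and replace the script, even though `COPY` without `--chown` leaves the file itself root-owned. Keeping it on a root-owned path preserves the intent of the non-root switch: `COPY docker-entrypoint.sh /usr/local/bin/` with `ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]`. Dropping `RUN chmod +x` also makes the image depend on the executable bit surviving in the build context. The index line for the script shows mode 100755, but a checkout that loses file modes would fail at container start, so a comment above the `COPY` such as `# relies on the 0755 mode committed in git` would record the assumption.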
diff --git a/README.md b/README.md
index cc9b5ea..5ef42ed 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,13 @@ $ docker-compose build cassandra-website
 $ docker-compose run cassandra-website
 ```
 
+:warning: *Tip:* In order to prevent root-owned modified files in your 
repository, the container user, `build`, is set up with a default 
UID=1000:GID=1000, which is usually the first user configured on a linux 
machine. If your local user is different you should set up the container user 
with your local host user's UID:GID, replace the above with:
+
+```bash
+$ docker-compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) 
cassandra-website
+$ docker-compose run cassandra-website
+```
+
 Go make yourself a cup of coffee, this will take a while...
 
 Once building has completed, the site content will be in the 
`./cassandra-website/content` directory ready to be committed.
diff --git a/docker-compose.yml b/docker-compose.yml
index 0729142..5d4f546 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,20 +4,22 @@ services:
   cassandra-website:
     build: .
     image: cassandra-website:latest
+    user: build
     volumes:
-      - ./src:/usr/src/cassandra-site/src
-      - ./content:/usr/src/cassandra-site/publish
+      - ./src:/home/build/cassandra-site/src
+      - ./content:/home/build/cassandra-site/publish
 
   cassandra-website-serve:
     build: .
     image: cassandra-website:latest
-    entrypoint: /docker-entrypoint-jekyll-serve.sh
+    user: build
+    entrypoint: /home/build/docker-entrypoint-jekyll-serve.sh
     ports:
       - 4000:4000
     volumes:
-      - ./src:/usr/src/cassandra-site/src
-      - ./content:/usr/src/cassandra-site/publish
-      - ./docker-entrypoint-jekyll-serve.sh:/docker-entrypoint-jekyll-serve.sh
+      - ./src:/home/build/cassandra-site/src
+      - ./content:/home/build/cassandra-site/publish
+      - 
./docker-entrypoint-jekyll-serve.sh:/home/build/docker-entrypoint-jekyll-serve.sh
 
   preview:
     image: nginx
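Review bot: The `user: build` lines and the `/home/build/...` bind mounts only work when the image's `build` UID:GID matches the owner of `./src` and `./content` on the host, and nothing in this file says so. A comment above each `volumes:` key would help, e.g. `# host dirs must be writable by the image's 'build' UID:GID (see --build-arg UID/GID in Dockerfile)`. If `./content` does not exist yet, Docker typically creates the bind-mount source as root, which would likely leave the non-root user unable to write the generated site; this is worth confirming. The `preview` service continues outside this hunk.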
@@ -27,5 +29,3 @@ services:
       - "./content:/usr/share/nginx/html"
     command: [nginx-debug, '-g', 'daemon off;']
 
-
-
diff --git a/docker-entrypoint-jekyll-serve.sh 
b/docker-entrypoint-jekyll-serve.sh
index 21a8f10..b34b927 100755
--- a/docker-entrypoint-jekyll-serve.sh
+++ b/docker-entrypoint-jekyll-serve.sh
@@ -2,6 +2,8 @@
 
 set -e
 
+export CASSANDRA_SITE_DIR="/home/build/cassandra-site"
+
 GREEN='\033[1;32m'
 YELLOW='\033[0;33m'
 NC='\033[0m' # No Color
@@ -10,11 +12,11 @@ NC='\033[0m' # No Color
 # version in the publish directory
 while [ 1 ]
 do
-    sed -i 's/\.\/\.\.\//\.\/\.\.\/\.\.\//g' 
/usr/src/cassandra-site/publish/doc/*/index.html
+    sed -i 's/\.\/\.\.\//\.\/\.\.\/\.\.\//g' 
${CASSANDRA_SITE_DIR}/publish/doc/*/index.html
     sleep 5
 done &
 
-cd /usr/src/cassandra-site/src
+cd ${CASSANDRA_SITE_DIR}/src
 
 JEKYLL_COMMAND="jekyll serve --host 0.0.0.0"
 
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index d729f46..578804c 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -2,7 +2,7 @@
 
 set -xe
 
-export CASSANDRA_SITE_DIR="/usr/src/cassandra-site"
+export CASSANDRA_SITE_DIR="/home/build/cassandra-site"
 
 jekyll --version
 

