(syncope) 02/02: [SYNCOPE-1909] Setting USER on all Dockerfile occurrencies

ilgrosso Thu, 04 Sep 2025 05:29:54 -0700

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


commit 1b0e522e678f33554ebb03a1c82e5e72450b2015
Author: Francesco Chicchiriccò <ilgro...@apache.org>
AuthorDate: Thu Sep 4 14:29:20 2025 +0200

    [SYNCOPE-1909] Setting USER on all Dockerfile occurrencies
---
 docker/console/src/main/resources/Dockerfile | 15 ++++++---------
 docker/core/src/main/resources/Dockerfile    | 19 +++++++------------
 docker/enduser/src/main/resources/Dockerfile | 16 ++++++----------
 docker/sra/src/main/resources/Dockerfile     | 15 ++++++---------
 docker/wa/src/main/resources/Dockerfile      | 15 ++++++---------
 5 files changed, 31 insertions(+), 49 deletions(-)

diff --git a/docker/console/src/main/resources/Dockerfile 
b/docker/console/src/main/resources/Dockerfile
index c2e81ed015..72b5e0069b 100644
--- a/docker/console/src/main/resources/Dockerfile
+++ b/docker/console/src/main/resources/Dockerfile
@@ -20,16 +20,9 @@ LABEL 
org.opencontainers.image.authors="d...@syncope.apache.org"
 
 RUN apk update && apk add bash
 
-RUN set -x
+RUN mkdir /opt/syncope /opt/syncope/bin /opt/syncope/conf /opt/syncope/lib 
/opt/syncope/log
 
-RUN mkdir /opt/syncope
-RUN mkdir /opt/syncope/bin
-RUN mkdir /opt/syncope/conf
-RUN mkdir /opt/syncope/lib
-RUN mkdir /opt/syncope/log
-
-COPY *.properties /opt/syncope/conf/
-COPY log4j2.xml /opt/syncope/conf/
+COPY *.properties log4j2.xml /opt/syncope/conf/
 
 COPY syncope-docker-console-*jar /opt/syncope/lib/syncope-console.jar
 
@@ -43,4 +36,8 @@ CMD ["/opt/syncope/bin/startup.sh"]
 
 RUN wget -O /usr/local/bin/wait-for-it 
https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh 
&& chmod 755 /usr/local/bin/wait-for-it
 
+RUN addgroup --system syncope && adduser -S -s /usr/sbin/nologin -G syncope 
syncope
+RUN chown -R syncope:syncope /opt/syncope
+USER syncope
+
 EXPOSE 8080
diff --git a/docker/core/src/main/resources/Dockerfile 
b/docker/core/src/main/resources/Dockerfile
index 7919bc7ea3..d55c99ef49 100644
--- a/docker/core/src/main/resources/Dockerfile
+++ b/docker/core/src/main/resources/Dockerfile
@@ -20,22 +20,13 @@ LABEL 
org.opencontainers.image.authors="d...@syncope.apache.org"
 
 RUN apk update && apk add bash
 
-RUN set -x
+RUN mkdir /opt/syncope /opt/syncope/bin /opt/syncope/bundles /opt/syncope/conf 
/opt/syncope/lib /opt/syncope/log
 
-RUN mkdir /opt/syncope
-RUN mkdir /opt/syncope/bin
-RUN mkdir /opt/syncope/bundles
-RUN mkdir /opt/syncope/conf
-RUN mkdir /opt/syncope/lib
-RUN mkdir /opt/syncope/log
-
-COPY *.properties /opt/syncope/conf/
-COPY *.xml /opt/syncope/conf/
-COPY saml.keystore.jks /opt/syncope/conf/
+COPY *.properties *.xml saml.keystore.jks /opt/syncope/conf/
 
 COPY bundles/*.jar /opt/syncope/bundles/
-COPY lib/*.jar /opt/syncope/lib/
 
+COPY lib/mariadb*.jar lib/mysql*jar lib/ojdbc*jar lib/postgresql*jar 
/opt/syncope/lib/
 COPY lib/syncope-docker-core-*jar /opt/syncope/lib/syncope.jar
 
 ENV SPRING_PROFILES_ACTIVE=docker
@@ -48,4 +39,8 @@ CMD ["/opt/syncope/bin/startup.sh"]
 
 RUN wget -O /usr/local/bin/wait-for-it 
https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh 
&& chmod 755 /usr/local/bin/wait-for-it
 
+RUN addgroup --system syncope && adduser -S -s /usr/sbin/nologin -G syncope 
syncope
+RUN chown -R syncope:syncope /opt/syncope
+USER syncope
+
 EXPOSE 8080
diff --git a/docker/enduser/src/main/resources/Dockerfile 
b/docker/enduser/src/main/resources/Dockerfile
index 94a2ab81dc..a87be1ce06 100644
--- a/docker/enduser/src/main/resources/Dockerfile
+++ b/docker/enduser/src/main/resources/Dockerfile
@@ -20,17 +20,9 @@ LABEL 
org.opencontainers.image.authors="d...@syncope.apache.org"
 
 RUN apk update && apk add bash
 
-RUN set -x
+RUN mkdir /opt/syncope /opt/syncope/bin /opt/syncope/conf /opt/syncope/lib 
/opt/syncope/log
 
-RUN mkdir /opt/syncope
-RUN mkdir /opt/syncope/bin
-RUN mkdir /opt/syncope/conf
-RUN mkdir /opt/syncope/lib
-RUN mkdir /opt/syncope/log
-
-COPY *.properties /opt/syncope/conf/
-COPY *.json /opt/syncope/conf/
-COPY log4j2.xml /opt/syncope/conf/
+COPY *.properties *.json log4j2.xml /opt/syncope/conf/
 
 COPY syncope-docker-enduser-*jar /opt/syncope/lib/syncope-enduser.jar
 
@@ -44,4 +36,8 @@ CMD ["/opt/syncope/bin/startup.sh"]
 
 RUN wget -O /usr/local/bin/wait-for-it 
https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh 
&& chmod 755 /usr/local/bin/wait-for-it
 
+RUN addgroup --system syncope && adduser -S -s /usr/sbin/nologin -G syncope 
syncope
+RUN chown -R syncope:syncope /opt/syncope
+USER syncope
+
 EXPOSE 8080
diff --git a/docker/sra/src/main/resources/Dockerfile 
b/docker/sra/src/main/resources/Dockerfile
index 8212b2b6d7..ba30a7e4fd 100644
--- a/docker/sra/src/main/resources/Dockerfile
+++ b/docker/sra/src/main/resources/Dockerfile
@@ -20,16 +20,9 @@ LABEL 
org.opencontainers.image.authors="d...@syncope.apache.org"
 
 RUN apk update && apk add bash
 
-RUN set -x
+RUN mkdir /opt/syncope /opt/syncope/bin /opt/syncope/conf /opt/syncope/lib 
/opt/syncope/log
 
-RUN mkdir /opt/syncope
-RUN mkdir /opt/syncope/bin
-RUN mkdir /opt/syncope/conf
-RUN mkdir /opt/syncope/lib
-RUN mkdir /opt/syncope/log
-
-COPY *.properties /opt/syncope/conf/
-COPY log4j2.xml /opt/syncope/conf/
+COPY *.properties log4j2.xml /opt/syncope/conf/
 
 COPY syncope-docker-sra-*jar /opt/syncope/lib/syncope-sra.jar
 
@@ -43,4 +36,8 @@ CMD ["/opt/syncope/bin/startup.sh"]
 
 RUN wget -O /usr/local/bin/wait-for-it 
https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh 
&& chmod 755 /usr/local/bin/wait-for-it
 
+RUN addgroup --system syncope && adduser -S -s /usr/sbin/nologin -G syncope 
syncope
+RUN chown -R syncope:syncope /opt/syncope
+USER syncope
+
 EXPOSE 8080
diff --git a/docker/wa/src/main/resources/Dockerfile 
b/docker/wa/src/main/resources/Dockerfile
index 4789c2ec09..dac89ec8b3 100644
--- a/docker/wa/src/main/resources/Dockerfile
+++ b/docker/wa/src/main/resources/Dockerfile
@@ -20,16 +20,9 @@ LABEL 
org.opencontainers.image.authors="d...@syncope.apache.org"
 
 RUN apk update && apk add bash
 
-RUN set -x
+RUN mkdir /opt/syncope /opt/syncope/bin /opt/syncope/conf /opt/syncope/lib 
/opt/syncope/log
 
-RUN mkdir /opt/syncope
-RUN mkdir /opt/syncope/bin
-RUN mkdir /opt/syncope/conf
-RUN mkdir /opt/syncope/lib
-RUN mkdir /opt/syncope/log
-
-COPY *.properties /opt/syncope/conf/
-COPY log4j2.xml /opt/syncope/conf/
+COPY *.properties log4j2.xml /opt/syncope/conf/
 
 COPY syncope-docker-wa-*jar /opt/syncope/lib/syncope-wa.jar
 
@@ -43,4 +36,8 @@ CMD ["/opt/syncope/bin/startup.sh"]
 
 RUN wget -O /usr/local/bin/wait-for-it 
https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh 
&& chmod 755 /usr/local/bin/wait-for-it
 
+RUN addgroup --system syncope && adduser -S -s /usr/sbin/nologin -G syncope 
syncope
+RUN chown -R syncope:syncope /opt/syncope
+USER syncope
+
 EXPOSE 8080

(syncope) 02/02: [SYNCOPE-1909] Setting USER on all Dockerfile occurrencies

Reply via email to