From 345fd09a5afa0a35bcfcd671e24afb785a9cba7e Mon Sep 17 00:00:00 2001 From: Eric Stoekl Date: Fri, 24 Nov 2017 14:14:00 -0800 Subject: [PATCH] Add user to groups, bump watchdog version Signed-off-by: Eric Stoekl --- template/csharp/Dockerfile | 9 ++++++--- template/node/Dockerfile | 2 +- template/python/Dockerfile | 11 ++++++----- template/python3/Dockerfile | 9 ++++++--- template/ruby/Dockerfile | 10 ++++++---- 5 files changed, 25 insertions(+), 16 deletions(-) diff --git a/template/csharp/Dockerfile b/template/csharp/Dockerfile index 564dcc227..3ace24f74 100644 --- a/template/csharp/Dockerfile +++ b/template/csharp/Dockerfile @@ -18,12 +18,12 @@ COPY . . RUN dotnet publish -c release -o published FROM microsoft/dotnet:2.0-runtime -RUN useradd app +RUN addgroup -S app && adduser -S -g app app RUN apt-get update -qy \ && apt-get install -qy curl ca-certificates --no-install-recommends \ && echo "Pulling watchdog binary from Github." \ - && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.9/fwatchdog > /usr/bin/fwatchdog \ + && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.12/fwatchdog > /usr/bin/fwatchdog \ && chmod +x /usr/bin/fwatchdog \ && apt-get -qy remove curl \ && apt-get clean \ @@ -32,7 +32,10 @@ RUN apt-get update -qy \ WORKDIR /home/app/ COPY --from=builder /home/app/src/published . -RUN chown -R app ./ +# chmod for tmp is for a buildkit issue (@alexellis) +RUN chown app:app -R /home/app \ + && chmod 777 /tmp + USER app ENV fprocess="dotnet ./root.dll" diff --git a/template/node/Dockerfile b/template/node/Dockerfile index 709085b65..51d010241 100644 --- a/template/node/Dockerfile +++ b/template/node/Dockerfile @@ -5,7 +5,7 @@ RUN addgroup -S app && adduser -S -g app app # Alternatively use ADD https:// (which will not be cached by Docker builder) RUN apk --no-cache add curl \ && echo "Pulling watchdog binary from Github." \ - && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.9/fwatchdog > /usr/bin/fwatchdog \ + && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.12/fwatchdog > /usr/bin/fwatchdog \ && chmod +x /usr/bin/fwatchdog \ && apk del curl --no-cache diff --git a/template/python/Dockerfile b/template/python/Dockerfile index 0c4c4b5c8..fe460186a 100644 --- a/template/python/Dockerfile +++ b/template/python/Dockerfile @@ -1,16 +1,14 @@ FROM python:2.7-alpine -RUN adduser app -D +RUN addgroup -S app && adduser -S -g app app # Alternatively use ADD https:// (which will not be cached by Docker builder) RUN apk --no-cache add curl \ && echo "Pulling watchdog binary from Github." \ - && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.9/fwatchdog > /usr/bin/fwatchdog \ + && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.12/fwatchdog > /usr/bin/fwatchdog \ && chmod +x /usr/bin/fwatchdog \ && apk del curl --no-cache -RUN mkdir -p /home/app/function - COPY index.py /home/app COPY requirements.txt /home/app @@ -26,7 +24,10 @@ RUN pip install -r requirements.txt WORKDIR /home/app COPY function function -RUN chown -R app ./ +# chmod for tmp is for a buildkit issue (@alexellis) +RUN chown app:app -R /home/app \ + && chmod 777 /tmp + USER app ENV fprocess="python index.py" diff --git a/template/python3/Dockerfile b/template/python3/Dockerfile index 23478a20b..728e19f04 100644 --- a/template/python3/Dockerfile +++ b/template/python3/Dockerfile @@ -1,11 +1,11 @@ FROM python:3-alpine -RUN adduser app -D +RUN addgroup -S app && adduser -S -g app app # Alternatively use ADD https:// (which will not be cached by Docker builder) RUN apk --no-cache add curl \ && echo "Pulling watchdog binary from Github." \ - && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.9/fwatchdog > /usr/bin/fwatchdog \ + && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.12/fwatchdog > /usr/bin/fwatchdog \ && chmod +x /usr/bin/fwatchdog \ && apk del curl --no-cache @@ -26,7 +26,10 @@ RUN pip install -r requirements.txt WORKDIR /home/app -RUN chown -R app ./ +# chmod for tmp is for a buildkit issue (@alexellis) +RUN chown app:app -R /home/app \ + && chmod 777 /tmp + USER app ENV fprocess="python3 index.py" diff --git a/template/ruby/Dockerfile b/template/ruby/Dockerfile index f1c093af2..52d0333d3 100644 --- a/template/ruby/Dockerfile +++ b/template/ruby/Dockerfile @@ -1,15 +1,14 @@ FROM ruby:2.4-alpine3.6 -RUN adduser app -D +RUN addgroup -S app && adduser -S -g app app # Alternatively use ADD https:// (which will not be cached by Docker builder) RUN apk --no-cache add curl \ && echo "Pulling watchdog binary from Github." \ - && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.9/fwatchdog > /usr/bin/fwatchdog \ + && curl -sSL https://github.com/openfaas/faas/releases/download/0.6.12/fwatchdog > /usr/bin/fwatchdog \ && chmod +x /usr/bin/fwatchdog \ && apk del curl --no-cache -RUN mkdir -p /home/app/ WORKDIR /home/app/ COPY Gemfile . @@ -22,7 +21,10 @@ RUN bundle install WORKDIR /home/app/ -RUN chown -R app ./ +# chmod for tmp is for a buildkit issue (@alexellis) +RUN chown app:app -R /home/app \ + && chmod 777 /tmp + USER app ENV fprocess="ruby index.rb"