From 30fec481d4ebb8ae202702ecf48a40aa0270e755 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henrik=20H=C3=BCttemann?= Date: Mon, 25 Sep 2023 17:32:11 +0200 Subject: [PATCH] Drop root privileges --- Dockerfile | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 62f8d28..3da9d84 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,27 +5,30 @@ COPY --from=koalaman/shellcheck:v0.9.0 /bin/shellcheck /bin/ ENV BUILD_BASE_VERSION="0.5-r3" # renovate: datasource=repology depName=alpine_3_18/gcc versioning=loose ENV GCC_VERSION="12.2.1_git20220924-r10" -# renovate: datasource=repology depName=alpine_3_18/ruby versioning=loose -ENV RUBY_VERSION="3.2.2-r0" # renovate: datasource=repology depName=alpine_3_18/git versioning=loose ENV GIT_VERSION="2.40.1-r0" -# renovate: datasource=repology depName=alpine_3_18/openssh-keygen versioning=loose +# renovate: datasource=repology depName=alpine_3_18/ruby versioning=loose ENV OPENSSH_KEYGEN_VERSION="9.3_p2-r0" # renovate: datasource=pypi depName=pre-commit versioning=pep440 -ENV PRE_COMMIT_VERSION="3.4.0" +ENV RUBY_VERSION="3.2.2-r0" +# renovate: datasource=repology depName=alpine_3_18/openssh-keygen versioning=loose +ENV PRE_COMMIT_VERSION="3.3.3" # renovate: datasource=rubygems depName=mdl versioning=ruby -ENV MDL_VERSION="0.12.0" +ENV MDL_VERSION="0.11.0" RUN apk add --update --no-cache \ build-base="${BUILD_BASE_VERSION}" \ gcc="${GCC_VERSION}" \ - ruby="${RUBY_VERSION}" \ git="${GIT_VERSION}" \ openssh-keygen="${OPENSSH_KEYGEN_VERSION}" \ + ruby="${RUBY_VERSION}" \ && \ - pip install --no-cache-dir pre-commit=="${PRE_COMMIT_VERSION}" && \ gem install --no-document mdl -v "${MDL_VERSION}" && \ mkdir /data && \ - git config --global --add safe.directory /data + adduser -D -h /home/user/ -g user user + +USER user:user +ENV PATH="/home/user/.local/bin:${PATH}" +RUN pip install --no-cache-dir pre-commit=="${PRE_COMMIT_VERSION}" WORKDIR /data