From 3471f7d26d38d7fbf6de1b9f0d77ded763bdc04d Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Thu, 10 Oct 2019 15:58:56 +0200 Subject: [PATCH] Multi-platform Docker image Run as non-root user --- Dockerfile | 36 +++++++++++++++++++++--------------- entrypoint.sh | 4 +--- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 39b53a4..f90d1a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,14 @@ -FROM adoptopenjdk/openjdk12:alpine-jre +# syntax=docker/dockerfile:experimental +FROM --platform=${TARGETPLATFORM:-linux/amd64} adoptopenjdk:12-jre-hotspot -ARG BUILD_DATE -ARG VCS_REF -ARG VERSION +ARG TARGETPLATFORM +ARG BUILDPLATFORM +RUN printf "I am running on ${BUILDPLATFORM:-linux/amd64}, building for ${TARGETPLATFORM:-linux/amd64}\n$(uname -a)\n" LABEL maintainer="CrazyMax" \ - org.label-schema.build-date=$BUILD_DATE \ org.label-schema.name="jetbrains-license-server" \ org.label-schema.description="JetBrains License Server" \ - org.label-schema.version=$VERSION \ org.label-schema.url="https://github.com/crazy-max/docker-jetbrains-license-server" \ - org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-url="https://github.com/crazy-max/docker-jetbrains-license-server" \ org.label-schema.vendor="CrazyMax" \ org.label-schema.schema-version="1.0" @@ -20,25 +18,33 @@ ENV JLS_PATH="/opt/jetbrains-license-server" \ JLS_SHA256="15cd436d41b1af8e273b8f8b037d654a9e9d9ca8a5f188e08426ca1024ba143a" \ TZ="UTC" -COPY entrypoint.sh /entrypoint.sh - -RUN apk --update --no-cache add \ - tzdata \ - && apk --update --no-cache add -t build-dependencies \ +RUN apt-get update \ + && apt-get install -y \ + bash \ curl \ zip \ - && mkdir -p "$JLS_PATH" \ + tzdata \ && curl -L "https://download.jetbrains.com/lcsrv/license-server-installer.zip" -o "/tmp/jls.zip" \ && echo "$JLS_SHA256 /tmp/jls.zip" | sha256sum -c - | grep OK \ && unzip "/tmp/jls.zip" -d "$JLS_PATH" \ && rm -f "/tmp/jls.zip" \ && chmod a+x "$JLS_PATH/bin/license-server.sh" \ && ln -sf "$JLS_PATH/bin/license-server.sh" "/usr/local/bin/license-server" \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +COPY entrypoint.sh /entrypoint.sh + +RUN mkdir -p /data "$JLS_PATH" \ && chmod a+x /entrypoint.sh \ - && apk del build-dependencies \ - && rm -rf /var/cache/apk/* /tmp/* + && groupadd -f -g 1000 jls \ + && useradd -o -s /bin/bash -d /data -u 1000 -g 1000 -m jls \ + && chown -R jls. /data "$JLS_PATH" + +USER jls EXPOSE 8000 +WORKDIR /data VOLUME [ "/data" ] ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/entrypoint.sh b/entrypoint.sh index 51c7e6b..a946315 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,8 +8,6 @@ JLS_ACCESS_CONFIG=${JLS_ACCESS_CONFIG:-/data/access-config.json} # Init echo "Initializing files and folders..." -mkdir -p /data/registration -ln -sf "/data/registration" "/root/.jb-license-server" touch "/data/access-config.json" # https://www.jetbrains.com/help/license_server/setting_host_and_port.html @@ -18,7 +16,7 @@ license-server configure --listen ${JLS_LISTEN_ADDRESS} --port ${JLS_PORT} --con # https://www.jetbrains.com/help/license_server/setting_host_and_port.html if [ ! -z "$JLS_VIRTUAL_HOSTS" ] ; then - echo "Following virtual hosts will be used :" + echo "Following virtual hosts will be used:" for JLS_VIRTUAL_HOST in $(echo ${JLS_VIRTUAL_HOSTS} | tr "," "\n"); do echo "-> ${JLS_VIRTUAL_HOST}" done