run with an unprivileged user
Some checks failed
Build Multiarch Container Image / call-reusable-workflow (push) Failing after 4m8s

This commit is contained in:
Sebastian Hugentobler 2024-05-31 09:35:19 +02:00
parent aefc35a9d2
commit ae5fa40469
Signed by: shu
GPG Key ID: BB32CF3CA052C2F0

View File

@ -14,8 +14,16 @@ RUN git checkout $VERSION
RUN go build ./cmd/syncv3 RUN go build ./cmd/syncv3
FROM scratch FROM docker.io/alpine:3.20
RUN addgroup -g 2222 matrix-sync
RUN adduser -h /var/lib/matrix-sync -u 2222 -D -G matrix-sync matrix-sync
RUN apk --no-cache add \
ca-certificates
COPY --from=builder /build/sliding-sync/syncv3 /syncv3 COPY --from=builder /build/sliding-sync/syncv3 /syncv3
USER matrix-sync
ENTRYPOINT [ "/syncv3" ] ENTRYPOINT [ "/syncv3" ]
EXPOSE 8008 EXPOSE 8008