Code Review / nonrtric.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Use non-root user for Dockerfile of helm-manager
[nonrtric.git] / helm-manager / Dockerfile
diff --git a/helm-manager/Dockerfile b/helm-manager/Dockerfile
index 5e96b60..b50767c 100644 (file)
--- a/helm-manager/Dockerfile
+++ b/helm-manager/Dockerfile
@@ -46,4 +46,20 @@ COPY config/application.yaml .
 WORKDIR /opt/app/helm-manager
 COPY target/app.jar app.jar
 
+ARG user=nonrtric
+ARG group=nonrtric
+
+RUN groupadd $group && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/helm-manager
+RUN chown -R $user:$group /etc/app/helm-manager
+
+RUN mkdir /var/helm-manager-service
+RUN chown -R $user:$group /var/helm-manager-service
+
+RUN mkdir /home/$user
+RUN chown -R $user:$group /home/$user
+
+USER $user
+
 CMD [ "java", "-jar", "app.jar", "--spring.config.location=optional:file:/etc/app/helm-manager/"]
Parent repository for the O-RAN SC Non Real-Time RIC (NONRTRIC) project.