cicd/drone-ssh
1
0
Fork 0
mirror of https://github.com/appleboy/drone-ssh.git synced 2025-07-02 21:52:51 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

chore: add default user for enhanced security (#267)

Browse Source 
- Add a new `.hadolint.yaml` configuration file with specific rule ignores
- Update the Dockerfile to install `ca-certificates` without a fixed version
- Add commands to create a `deploy` user and group with UID and GID `1000`, set home directory, and set ownership
- Set the Docker container to run as the `deploy` user with UID and GID `1000`

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
This commit is contained in:
Bo-Yi Wu 2023-12-26 13:29:22 +08:00 committed by GitHub
parent 037e0231ac
commit aa9314a009
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.hadolint.yaml Normal file
View File

@ -0,0 +1,3 @@
ignored:
- DL3018
- DL3008

19
docker/Dockerfile
View File

@ -12,9 +12,26 @@ LABEL org.opencontainers.image.source=https://github.com/appleboy/drone-ssh
LABEL org.opencontainers.image.description="Execute commands on a remote host through SSH" LABEL org.opencontainers.image.description="Execute commands on a remote host through SSH"
LABEL org.opencontainers.image.licenses=MIT LABEL org.opencontainers.image.licenses=MIT
RUN apk add --no-cache ca-certificates=20230506-r0 && \ RUN apk add --no-cache ca-certificates && \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
RUN addgroup \
-S -g 1000 \
deploy && \
adduser \
-S -H -D \
-h /home/deploy \
-s /bin/sh \
-u 1000 \
-G deploy \
deploy
RUN mkdir -p /home/deploy && \
chown deploy:deploy /home/deploy
# deploy:deploy
USER 1000:1000
COPY release/${TARGETOS}/${TARGETARCH}/drone-ssh /bin/ COPY release/${TARGETOS}/${TARGETARCH}/drone-ssh /bin/
ENTRYPOINT ["/bin/drone-ssh"] ENTRYPOINT ["/bin/drone-ssh"]