Run container build steps as non-root user
mshuler committed Mar 7, 2020
1 parent 5d37bee commit 8c5f3d57dd9f313d0b81e5a429e5c99120fed036
Showing 5 changed files with 40 additions and 16 deletions.
@@ -1,5 +1,18 @@
FROM debian:stretch

# Set up non-root user, 'build', with default uid:gid
# This allows passing --build-arg to use local host user's uid:gid:
# $ docker-compose build \
# --build-arg UID=$(id -u) \
# --build-arg GID=$(id -g) \
# cassandra-website
ARG UID=1000
ARG GID=1000
RUN echo "Setting up user 'build' with UID=${UID} GID=${GID}"
RUN groupadd --gid $GID --non-unique build
RUN useradd --create-home --shell /bin/bash \
--uid $UID --gid $GID --non-unique build

# Install tools
RUN apt-get update && \
apt-get install -y \
@@ -26,16 +39,18 @@ RUN gem install bundler && \
bundle install && \
rm /Gemfile /Gemfile.lock

ENV CASSANDRA_DIR="/usr/src/cassandra"
# Run as build user from here
USER build

ENV CASSANDRA_DIR="/home/build/cassandra"

# Setup repositories to building the docs
RUN mkdir -p /usr/src/cassandra-site && \
RUN mkdir -p /home/build/cassandra-site && \
git clone https://gitbox.apache.org/repos/asf/cassandra.git ${CASSANDRA_DIR}

EXPOSE 4000/tcp

COPY docker-entrypoint.sh /
RUN chmod +x /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
COPY docker-entrypoint.sh /home/build/
ENTRYPOINT ["/home/build/docker-entrypoint.sh"]

CMD [""]
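Review bot: Because `groupadd` and `useradd` in the first hunk are called with `--non-unique`, a build that passes `--build-arg UID=0` (which is what `$(id -u)` yields in a root shell, for example on some CI hosts) succeeds and creates a `build` account with uid 0, so the later `USER build` would run everything as root under another name. A guard before the `groupadd` line, such as `RUN [ "${UID}" -ne 0 ] && [ "${GID}" -ne 0 ]`, makes that build fail instead of silently dropping the non-root guarantee. Separately, `COPY docker-entrypoint.sh /home/build/` no longer has a `chmod +x` after it, so the entrypoint now depends on the executable bit being set on the file in the build context; `COPY --chmod=0755` (BuildKit) or a comment stating that requirement would make it explicit.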
@@ -27,6 +27,13 @@ $ docker-compose build cassandra-website
$ docker-compose run cassandra-website
```

:warning: *Tip:* In order to prevent root-owned modified files in your repository, the container user, `build`, is set up with a default UID=1000:GID=1000, which is usually the first user configured on a linux machine. If your local user is different you should set up the container user with your local host user's UID:GID, replace the above with:

```bash
$ docker-compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) cassandra-website
$ docker-compose run cassandra-website
```

Go make yourself a cup of coffee, this will take a while...

Once building has completed, the site content will be in the `./cassandra-website/content` directory ready to be committed.
@@ -4,20 +4,22 @@ services:
cassandra-website:
build: .
image: cassandra-website:latest
user: build
volumes:
- ./src:/usr/src/cassandra-site/src
- ./content:/usr/src/cassandra-site/publish
- ./src:/home/build/cassandra-site/src
- ./content:/home/build/cassandra-site/publish

cassandra-website-serve:
build: .
image: cassandra-website:latest
entrypoint: /docker-entrypoint-jekyll-serve.sh
user: build
entrypoint: /home/build/docker-entrypoint-jekyll-serve.sh
ports:
- 4000:4000
volumes:
- ./src:/usr/src/cassandra-site/src
- ./content:/usr/src/cassandra-site/publish
- ./docker-entrypoint-jekyll-serve.sh:/docker-entrypoint-jekyll-serve.sh
- ./src:/home/build/cassandra-site/src
- ./content:/home/build/cassandra-site/publish
- ./docker-entrypoint-jekyll-serve.sh:/home/build/docker-entrypoint-jekyll-serve.sh

preview:
image: nginx
@@ -27,5 +29,3 @@ services:
- "./content:/usr/share/nginx/html"
command: [nginx-debug, '-g', 'daemon off;']
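Review bot: The bind mount of `docker-entrypoint-jekyll-serve.sh` on the `cassandra-website-serve` service is read-write, and with the container user now intended to share the host user's UID, the process inside the container can modify the script in the working tree that it is launched from. Nothing visible in this section writes to that file, so the mount could be narrowed to `- ./docker-entrypoint-jekyll-serve.sh:/home/build/docker-entrypoint-jekyll-serve.sh:ro`. The `./src` and `./content` mounts presumably need to stay writable for the build output; a short comment saying which of them the container writes to would help the next reader.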



@@ -2,6 +2,8 @@

set -e

export CASSANDRA_SITE_DIR="/home/build/cassandra-site"

GREEN='\033[1;32m'
YELLOW='\033[0;33m'
NC='\033[0m' # No Color
@@ -10,11 +12,11 @@ NC='\033[0m' # No Color
# version in the publish directory
while [ 1 ]
do
sed -i 's/\.\/\.\.\//\.\/\.\.\/\.\.\//g' /usr/src/cassandra-site/publish/doc/*/index.html
sed -i 's/\.\/\.\.\//\.\/\.\.\/\.\.\//g' ${CASSANDRA_SITE_DIR}/publish/doc/*/index.html
sleep 5
done &

cd /usr/src/cassandra-site/src
cd ${CASSANDRA_SITE_DIR}/src

JEKYLL_COMMAND="jekyll serve --host 0.0.0.0"
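Review bot: The two new uses of `${CASSANDRA_SITE_DIR}` in the `sed` and `cd` lines are unquoted, so the path would be word-split if it ever contained whitespace; `cd "${CASSANDRA_SITE_DIR}/src"` and `"${CASSANDRA_SITE_DIR}"/publish/doc/*/index.html` (glob left outside the quotes) keep the behaviour and remove that dependency. The same directory is now exported separately in both entrypoint scripts and spelled out again in the Dockerfile and the compose file; setting it once with `ENV` beside `CASSANDRA_DIR` in the Dockerfile would leave a single place to change. The script continues past the end of this hunk.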

@@ -2,7 +2,7 @@

set -xe

export CASSANDRA_SITE_DIR="/usr/src/cassandra-site"
export CASSANDRA_SITE_DIR="/home/build/cassandra-site"

jekyll --version
