From c667cc2cd23ed1847a0edd8d7e70148b81b3e388 Mon Sep 17 00:00:00 2001 From: Matt Johnson-Pint Date: Mon, 6 Jan 2025 20:29:10 -0800 Subject: [PATCH] Fix dockerfile issues --- .trunk/configs/.hadolint.yaml | 4 +--- .trunk/configs/.shellcheckrc | 4 ---- Dockerfile | 18 +++++++++++++++--- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/.trunk/configs/.hadolint.yaml b/.trunk/configs/.hadolint.yaml index 98bf0cd2e..8f7e23e45 100644 --- a/.trunk/configs/.hadolint.yaml +++ b/.trunk/configs/.hadolint.yaml @@ -1,4 +1,2 @@ -# Following source doesn't work in most setups ignored: - - SC1090 - - SC1091 + - DL3008 diff --git a/.trunk/configs/.shellcheckrc b/.trunk/configs/.shellcheckrc index 8c7b1ada8..ecc904070 100644 --- a/.trunk/configs/.shellcheckrc +++ b/.trunk/configs/.shellcheckrc @@ -1,7 +1,3 @@ enable=all source-path=SCRIPTDIR disable=SC2154 - -# If you're having issues with shellcheck following source, disable the errors via: -# disable=SC1090 -# disable=SC1091 diff --git a/Dockerfile b/Dockerfile index 140707237..840fd17f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,8 +19,8 @@ COPY ./lib ./lib # Copy and modify go.work file COPY ./go.work ./ -RUN sed -i '/^[[:space:]]*\.\/sdk\//d' ./go.work -RUN sed -i '/^[[:space:]]*\.\/.*\/testdata/d' ./go.work +RUN sed -i '/^[[:space:]]*\.\/sdk\//d' ./go.work && \ + sed -i '/^[[:space:]]*\.\/.*\/testdata/d' ./go.work # switch to the runtime directory WORKDIR /src/runtime @@ -42,12 +42,17 @@ RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o modus_runtime -ldflags "-s -w FROM ubuntu:22.04 LABEL maintainer="Hypermode Inc. " +# Create a custom group and user +RUN groupadd -g 1234 modus && \ + useradd -m -u 1234 -g modus modus + # add common tools RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ iputils-ping \ jq \ - less + less \ + && rm -rf /var/lib/apt/lists/* # copy runtime binary from the build phase COPY --from=builder /src/runtime/modus_runtime /usr/bin/modus_runtime @@ -58,5 +63,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ tzdata \ && rm -rf /var/lib/apt/lists/* +# Switch to the custom user and set the working directory +USER modus +WORKDIR /home/modus + # set the default entrypoint and options ENTRYPOINT ["modus_runtime", "--jsonlogs"] + +# define the health check for the container +HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 CMD curl -f http://localhost:8686/health | jq -e '.status == "ok"' > /dev/null || exit 1