From 96bd1f7e3231fd2f46842247809a6afdc8589de9 Mon Sep 17 00:00:00 2001 From: Paul Robinson Date: Fri, 1 May 2020 14:04:33 +0100 Subject: [PATCH] Update Quarkus Dockerfile to run as non-root (#778) * Update quarkus Dockerfile to run as non-root * Incrimented stack version Co-authored-by: Kamran Shamsi <45264227+Kamran64@users.noreply.github.com> --- incubator/quarkus/image/project/Dockerfile | 12 +++++++++++- incubator/quarkus/image/project/pom.xml | 2 +- incubator/quarkus/stack.yaml | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/incubator/quarkus/image/project/Dockerfile b/incubator/quarkus/image/project/Dockerfile index c64226c9d..a2cce1f7c 100644 --- a/incubator/quarkus/image/project/Dockerfile +++ b/incubator/quarkus/image/project/Dockerfile @@ -18,6 +18,16 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal WORKDIR /work/ COPY --from=build /project/user-app/target/*-runner /work/application -RUN chmod 775 /work + +USER root +RUN microdnf -y install shadow-utils \ + && microdnf clean all ;\ + useradd -r -g 0 -s /usr/sbin/nologin quarkus + +RUN chown -R quarkus /work +RUN chmod -R g+w /work + + +USER quarkus EXPOSE 8080 CMD ["./application", "-Dquarkus.http.host=0.0.0.0"] diff --git a/incubator/quarkus/image/project/pom.xml b/incubator/quarkus/image/project/pom.xml index 2d3ee5864..99558e3da 100644 --- a/incubator/quarkus/image/project/pom.xml +++ b/incubator/quarkus/image/project/pom.xml @@ -4,7 +4,7 @@ dev.appsody quarkus - 0.3.1 + 0.3.2 pom diff --git a/incubator/quarkus/stack.yaml b/incubator/quarkus/stack.yaml index c3194ed49..97a771772 100644 --- a/incubator/quarkus/stack.yaml +++ b/incubator/quarkus/stack.yaml @@ -1,5 +1,5 @@ name: Quarkus -version: 0.3.1 +version: 0.3.2 description: Quarkus runtime for running Java applications license: Apache-2.0 language: java