#234 - Set user by id in Dockerfile
- do not create a new user "feasibility" with group but use user with id 10001 instead
- adapt check in github action
michael-82 committed Nov 22, 2023
1 parent 39579fa commit cf5b766
Showing 4 changed files with 16 additions and 19 deletions.
10 changes: 0 additions & 10 deletions .github/scripts/check-if-running-as-feasibility-user.sh

This file was deleted.

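--- a/.github/scripts/check-if-running-as-user-10001.sh
+++ b/.github/scripts/check-if-running-as-user-10001.sh
@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+if docker exec -u0 feasibility-gui-backend pgrep -u 10001 java > /dev/null
+then
+echo "Java process is running as 10001"
+exit 0
+else
+echo "Java process is not running as 10001"
+exit 1
+fi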
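Review bot: The `pgrep -u 10001 java` test on the `if` line passes as soon as one java process has effective UID 10001, so it would not notice another java process in the container running as root, and it checks the user only, not the group. Any other failure of `docker exec` (container not running, `pgrep` missing from the image) also lands in the `else` branch and is reported as "Java process is not running as 10001", which misleads whoever triages a red build. Consider a second step that must fail, such as `docker exec -u0 feasibility-gui-backend pgrep -u 0 java`, and a header comment like `# UID must match the USER instruction in the Dockerfile` so the two values are not changed independently.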
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
@@ -148,8 +148,8 @@ jobs:
- name: Wait for Feasibility Backend
run: .github/scripts/wait-for-url.sh http://localhost:8091/actuator/health

- name: Check if Feasibility Backend is correctly running with the feasibility user
run: .github/scripts/check-if-running-as-feasibility-user.sh
- name: Check if Feasibility Backend is correctly running with userid 10001
run: .github/scripts/check-if-running-as-user-10001.sh

- name: Wait for Blaze
run: .github/scripts/wait-for-url.sh http://localhost:8082/health
11 changes: 4 additions & 7 deletions Dockerfile
@@ -7,12 +7,6 @@ WORKDIR /opt/codex-feasibility-backend
COPY ./target/*.jar ./feasibility-gui-backend.jar
COPY ontology ontology

RUN addgroup --system feasibility && adduser --system feasibility --ingroup feasibility
RUN mkdir logging
RUN chown -R feasibility:feasibility /opt/codex-feasibility-backend

USER feasibility:feasibility

ARG VERSION=2.1.0
ENV APP_VERSION=${VERSION}
ENV FEASIBILITY_DATABASE_HOST="feasibility-network"
@@ -23,8 +17,11 @@ ENV CERTIFICATE_PATH=/opt/codex-feasibility-backend/certs
ENV TRUSTSTORE_PATH=/opt/codex-feasibility-backend/truststore
ENV TRUSTSTORE_FILE=self-signed-truststore.jks

RUN mkdir logging
RUN chown -R 10001:10001 /opt/codex-feasibility-backend
RUN mkdir -p $CERTIFICATE_PATH $TRUSTSTORE_PATH
RUN chown feasibility:feasibility $CERTIFICATE_PATH $TRUSTSTORE_PATH
RUN chown 10001:10001 $CERTIFICATE_PATH $TRUSTSTORE_PATH
USER 10001

HEALTHCHECK --interval=5s --start-period=10s CMD curl -s -f http://localhost:8090/actuator/health || exit 1
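Review bot: `USER 10001` names no group, and the visible lines create no passwd entry for UID 10001, so Docker will most likely run the process with the root group (GID 0), whereas the removed `USER feasibility:feasibility` set a dedicated group; `USER 10001:10001` would match the `chown 10001:10001` lines. Separately, `RUN chown -R 10001:10001 /opt/codex-feasibility-backend` makes the runtime user the owner of the jar and ontology it runs from, so a compromised process could rewrite them. Leaving those files root-owned and chowning only `logging`, `$CERTIFICATE_PATH` and `$TRUSTSTORE_PATH` would keep the application files read-only at runtime. The Dockerfile continues outside the shown hunks, so a later instruction may already address part of this.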

