Browse Source
docker: default published images to seaweed user (#8819)
* ci: add Trivy CVE scan to container release workflow
* docker: default published images to seaweed user
* Revert "ci: add Trivy CVE scan to container release workflow"
This reverts commit bc9b7e1cf7.
pull/8822/head
Chris Lu
3 days ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with
10 additions and
2 deletions
-
docker/Dockerfile.go_build
-
docker/Dockerfile.local
|
|
@ -79,5 +79,9 @@ RUN mkdir -p /data/filerldb2 && \ |
|
|
VOLUME /data |
|
|
VOLUME /data |
|
|
WORKDIR /data |
|
|
WORKDIR /data |
|
|
|
|
|
|
|
|
# Entrypoint will handle permission fixes and user switching |
|
|
|
|
|
|
|
|
# Run as non-root by default (satisfies security scanners). |
|
|
|
|
|
# Use `docker run --user root` if you need the entrypoint to fix |
|
|
|
|
|
# /data volume ownership before dropping privileges. |
|
|
|
|
|
USER seaweed |
|
|
|
|
|
|
|
|
ENTRYPOINT ["/entrypoint.sh"] |
|
|
ENTRYPOINT ["/entrypoint.sh"] |
|
|
@ -37,5 +37,9 @@ RUN mkdir -p /data/filerldb2 && \ |
|
|
VOLUME /data |
|
|
VOLUME /data |
|
|
WORKDIR /data |
|
|
WORKDIR /data |
|
|
|
|
|
|
|
|
# Entrypoint will handle permission fixes and user switching |
|
|
|
|
|
|
|
|
# Run as non-root by default (satisfies security scanners). |
|
|
|
|
|
# Use `docker run --user root` if you need the entrypoint to fix |
|
|
|
|
|
# /data volume ownership before dropping privileges. |
|
|
|
|
|
USER seaweed |
|
|
|
|
|
|
|
|
ENTRYPOINT ["/entrypoint.sh"] |
|
|
ENTRYPOINT ["/entrypoint.sh"] |
