From 7f85e16d5d7cf4ccb002305c8acbb6ec4587d995 Mon Sep 17 00:00:00 2001
From: Pavel Kirilin <win10@list.ru>
Date: Sun, 10 Apr 2022 13:52:23 +0400
Subject: [PATCH] Added rootless images. (#73)

Signed-off-by: Pavel Kirilin <win10@list.ru>
---
 .github/workflows/release.yml | 22 +++++++++++++++++++++-
 deploy/Dockerfile             | 11 ++++++++---
 deploy/alpine.Dockerfile      | 11 ++++++++---
 3 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1a65f14..031c3c1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -124,7 +124,16 @@ jobs:
           context: .
           push: true
           file: deploy/Dockerfile
+          target: base
           tags: s3rius/rustus:latest,s3rius/rustus:${{env.APP_VERSION}}
+      - name: Build and push rootless
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          file: deploy/Dockerfile
+          target: rootless
+          tags: s3rius/rustus:${{env.APP_VERSION}}-rootless
 
   upload_helm:
     runs-on: ubuntu-latest
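Review bot: The added "Build and push rootless" step references `docker/build-push-action@v2` by a mutable tag while running with `push: true`, so whatever that tag points to at release time runs with the registry credentials. Pinning to a full commit, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v2` (placeholder, take the SHA from the action's release), removes that dependency on the tag. The same applies to the step added in the alpine job further down. Separately, `s3rius/rustus:latest` is still built from `target: base`, which has no `USER`, so the default image keeps running as root and rootless is opt-in. If that is intended, a comment such as `# latest stays root for backward compatibility; use -rootless tags for non-root` would make it explicit.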
@@ -208,6 +217,17 @@ jobs:
           context: .
           push: true
           file: deploy/alpine.Dockerfile
-          tags: s3rius/rustus:${{env.APP_VERSION}}-alpine
+          target: base
+          tags: s3rius/rustus:latest-alpine,s3rius/rustus:${{env.APP_VERSION}}-alpine
+          build-args: |
+            app_version=${{env.APP_VERSION}}
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          file: deploy/alpine.Dockerfile
+          target: rootless
+          tags: s3rius/rustus:${{env.APP_VERSION}}-rootless-alpine
           build-args: |
             app_version=${{env.APP_VERSION}}
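Review bot: The second step added in this hunk is named `Build and push`, the same as the step before it, although it builds `target: rootless`. In the job log the two pushes become indistinguishable, which makes it harder to confirm which image a given digest came from. Renaming it to `- name: Build and push rootless` would match the naming used in the first job. The job this hunk belongs to starts outside the hunk.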
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
index acd2de4..18726fd 100644
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@@ -11,9 +11,14 @@ COPY --from=planner /app/recipe.json recipe.json
 RUN cargo chef cook --release --features=all,metrics --recipe-path recipe.json
 # Build application
 COPY . .
-RUN cargo build --release --bin rustus --features=all
+RUN cargo build --release --bin rustus --features=all,metrics
 
-FROM debian:bullseye-20211201-slim AS runtime
-WORKDIR /app
+FROM debian:bullseye-20211201-slim AS base
 COPY --from=builder /app/target/release/rustus /usr/local/bin/
 ENTRYPOINT ["/usr/local/bin/rustus"]
+
+FROM base as rootless
+
+RUN useradd --create-home  -u 1000 --user-group rustus
+WORKDIR /home/rustus
+USER rustus
\ No newline at end of file
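Review bot: The rootless stage ends with `USER rustus`, a user name rather than a numeric ID. Kubernetes `runAsNonRoot: true` only accepts an image user it can check as a numeric UID, so a pod with that setting is refused even though the account is non-root. Since the UID is already fixed at 1000, `USER 1000:1000` keeps the same account and lets the runtime verify it; the same change applies to the `USER rustus` line added in deploy/alpine.Dockerfile. A short comment above the stage, such as `# non-root variant: fixed UID/GID 1000 so volume ownership and runAsUser can be set to match`, would document why the ID is pinned. The `base` stage now has no `WORKDIR`, so the root image starts in `/`; presumably any relative data paths would then resolve there, which is worth confirming.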
diff --git a/deploy/alpine.Dockerfile b/deploy/alpine.Dockerfile
index deb1275..f2309ca 100644
--- a/deploy/alpine.Dockerfile
+++ b/deploy/alpine.Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15.0
+FROM alpine:3.15.0 as base
 
 ARG app_version
 
@@ -7,6 +7,11 @@ ADD "https://github.com/s3rius/rustus/releases/download/${app_version}/rustus-${
 RUN tar xvf *.tar.gz
 RUN rm *.tar.gz
 RUN mv rustus /bin
-WORKDIR /app
 
-ENTRYPOINT ["/bin/rustus"]
\ No newline at end of file
+ENTRYPOINT ["/bin/rustus"]
+
+FROM base as rootless
+
+RUN adduser -u 1000 --disabled-password rustus
+WORKDIR /home/rustus
+USER rustus
\ No newline at end of file
-- 
GitLab