056cf6fa5b
* ci: add Trivy CVE scan to container release workflow * docker: default published images to seaweed user * Revert "ci: add Trivy CVE scan to container release workflow" This reverts commit bc9b7e1cf7a0694e355c5d23b5e323a07e8ba670.
46 lines
1.2 KiB
Docker
46 lines
1.2 KiB
Docker
FROM alpine AS final
|
|
LABEL author="Chris Lu"
|
|
COPY ./weed /usr/bin/weed
|
|
RUN chmod +x /usr/bin/weed && ls -la /usr/bin/weed
|
|
RUN mkdir -p /etc/seaweedfs
|
|
COPY ./filer.toml /etc/seaweedfs/filer.toml
|
|
COPY ./entrypoint.sh /entrypoint.sh
|
|
|
|
# Install dependencies and create non-root user
|
|
RUN apk add --no-cache fuse curl su-exec && \
|
|
addgroup -g 1000 seaweed && \
|
|
adduser -D -u 1000 -G seaweed seaweed
|
|
|
|
# volume server grpc port
|
|
EXPOSE 18080
|
|
# volume server http port
|
|
EXPOSE 8080
|
|
# filer server grpc port
|
|
EXPOSE 18888
|
|
# filer server http port
|
|
EXPOSE 8888
|
|
# master server shared grpc port
|
|
EXPOSE 19333
|
|
# master server shared http port
|
|
EXPOSE 9333
|
|
# s3 server http port
|
|
EXPOSE 8333
|
|
# webdav server http port
|
|
EXPOSE 7333
|
|
|
|
# Create data directory and set proper ownership for seaweed user
|
|
RUN mkdir -p /data/filerldb2 && \
|
|
chown -R seaweed:seaweed /data && \
|
|
chown -R seaweed:seaweed /etc/seaweedfs && \
|
|
chmod 755 /entrypoint.sh
|
|
|
|
VOLUME /data
|
|
WORKDIR /data
|
|
|
|
# Run as non-root by default (satisfies security scanners).
|
|
# Use `docker run --user root` if you need the entrypoint to fix
|
|
# /data volume ownership before dropping privileges.
|
|
USER seaweed
|
|
|
|
ENTRYPOINT ["/entrypoint.sh"]
|