-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Dockerfile permissions for Github Actions
- Loading branch information
1 parent
7c9d12e
commit 2db2a88
Showing
1 changed file
with
13 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,11 @@ | ||
| # Notes: | ||
| # - about USER: GitHub Actions requires Docker actions to run as the default Docker user (root). This is because non-root users might not have access to the GITHUB_WORKSPACE directory. | ||
| # - about WORKDIR: GitHub recommends avoiding the use of the WORKDIR instruction in Dockerfiles for actions. This is because GitHub sets the working directory path in the GITHUB_WORKSPACE environment variable and mounts this directory at the specified location in the Docker image, potentially overwriting anything that was there. | ||
| # - about ENTRYPOINT: GitHub Actions recommend using an absolute path for the entrypoint. | ||
|
|
||
| # Builder stage | ||
| FROM eclipse-temurin:17.0.8.1_1-jre-jammy as builder | ||
|
|
||
| # Set the working directory | ||
| WORKDIR /build | ||
|
|
||
| # Install dependencies | ||
| RUN apt-get update && \ | ||
| apt-get install -y unzip && \ | ||
|
|
@@ -16,10 +18,10 @@ RUN wget https://downloads.sourceforge.net/project/plantuml/plantuml.jar -O /usr | |
| chmod +x /usr/local/bin/plantuml | ||
|
|
||
| # Copy and setup Structurizr CLI | ||
| COPY structurizr-cli-*.zip /build/ | ||
| RUN mkdir /build/structurizr-cli && \ | ||
| unzip structurizr-cli-*.zip -d /build/structurizr-cli && \ | ||
| chmod +x /build/structurizr-cli/structurizr.sh && \ | ||
| COPY structurizr-cli-*.zip / | ||
| RUN mkdir /structurizr-cli && \ | ||
| unzip structurizr-cli-*.zip -d /structurizr-cli && \ | ||
| chmod +x /structurizr-cli/structurizr.sh && \ | ||
| rm structurizr-cli-*.zip | ||
|
|
||
| ### Final image ### | ||
|
|
@@ -31,23 +33,17 @@ RUN apt-get update && \ | |
| apt-get clean && \ | ||
| rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/* | ||
|
|
||
|
|
||
| ### Create a non-root user ### | ||
| RUN useradd -m structurizr | ||
| USER structurizr | ||
|
|
||
| # Copy necessary files from builder stage | ||
| COPY --from=builder /build /usr/local/structurizr-cli | ||
| COPY --from=builder /structurizr-cli /usr/local/structurizr-cli | ||
| COPY --from=builder /usr/local/bin/plantuml.jar /usr/local/bin/ | ||
| COPY --from=builder /usr/local/bin/plantuml /usr/local/bin/ | ||
|
|
||
| # Set the working directory and update PATH | ||
| WORKDIR /usr/local/structurizr-cli | ||
| # Update PATH | ||
| ENV PATH /usr/local/structurizr-cli/:/usr/local/bin/:$PATH | ||
|
|
||
| # Setup Git configuration | ||
| RUN git config --global user.name github-actions && \ | ||
| git config --global user.email [email protected] | ||
|
|
||
| # Set the entry point | ||
| ENTRYPOINT ["./structurizr.sh"] | ||
| # Set the entry point with an absolute path | ||
| ENTRYPOINT ["/usr/local/structurizr-cli/structurizr.sh"] | ||