From 81d695b1a2fd7726aa4600720f507938d59b8ed4 Mon Sep 17 00:00:00 2001
From: Preet Shah <48907607+preetsshah@users.noreply.github.com>
Date: Thu, 9 Nov 2023 17:52:10 +0530
Subject: [PATCH] Update Dockerfiles to run OMD as non-root user (#13726)

* Update Dockerfiles to run OMD as non-root user
* Update Dockerfile to use alpine:3 image
* Update Dockerfile to use alpine:3 docker image
* Update Dockerfile to use alpine:3 docker image
---
 docker/development/Dockerfile | 10 +++++++---
 docker/docker-compose-quickstart/Dockerfile | 9 +++++++--
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/docker/development/Dockerfile b/docker/development/Dockerfile
index 94b8d7f90cf..2116baf4e89 100644
--- a/docker/development/Dockerfile
+++ b/docker/development/Dockerfile
@@ -10,7 +10,7 @@
 # limitations under the License.
 # Build stage
-FROM alpine:3.16 AS build
+FROM alpine:3 AS build
 COPY openmetadata-dist/target/openmetadata-*.tar.gz /
@@ -19,7 +19,7 @@ RUN mkdir -p /opt/openmetadata && \
 rm openmetadata-*.tar.gz
 # Final stage
-FROM alpine:3.16
+FROM alpine:3
 EXPOSE 8585
@@ -30,6 +30,10 @@ COPY docker/openmetadata-start.sh /
 RUN chmod 777 openmetadata-start.sh
+RUN adduser -D openmetadata
+RUN chown -R openmetadata:openmetadata /opt/openmetadata
+USER openmetadata
+
 WORKDIR /opt/openmetadata
 ENTRYPOINT [ "/bin/bash" ]
-CMD ["/openmetadata-start.sh"]
\ No newline at end of file
+CMD ["/openmetadata-start.sh"]
diff --git a/docker/docker-compose-quickstart/Dockerfile b/docker/docker-compose-quickstart/Dockerfile
index e76f6c6b1c4..1c95e4365fa 100644
--- a/docker/docker-compose-quickstart/Dockerfile
+++ b/docker/docker-compose-quickstart/Dockerfile
@@ -10,7 +10,7 @@
 # limitations under the License.
 # Build stage
-FROM alpine:3.15 AS build
+FROM alpine:3 AS build
 ARG RI_VERSION="1.2.0"
 ENV RELEASE_URL="https://github.com/open-metadata/OpenMetadata/releases/download/${RI_VERSION}-release/openmetadata-${RI_VERSION}.tar.gz"
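Review bot: `FROM alpine:3 AS build` in docker/development/Dockerfile (hunk `@@ -10,7 +10,7 @@`) is a floating major tag, so two builds of the same commit can resolve to different Alpine releases and package sets; the line it replaces at least fixed the minor version. The same applies to the final stage in this file (`@@ -19,7 +19,7 @@`) and to both `FROM` lines in docker/docker-compose-quickstart/Dockerfile. I would keep a minor-version tag and add a digest, for example `FROM alpine:<MINOR_TAG>@sha256:<DIGEST> AS build` (placeholders, to be filled in from the registry), and let a dependency bot raise the pin. In the quickstart file this matters more, because its final stage runs `apk add ... openjdk17-jre` without versions, so the JRE that ships depends on whichever release the tag resolves to at build time.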
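Review bot: In the `@@ -30,6 +30,10 @@` hunk of docker/development/Dockerfile the process now runs as `openmetadata` but can still rewrite everything it executes, because the start script stays mode 777 and `chown -R` hands the whole /opt/openmetadata tree to the runtime user. That removes much of the containment the non-root switch is meant to give, since a compromised server process could modify its own entrypoint script and the installed application files. I would change the script line to `RUN chmod 755 openmetadata-start.sh` and limit the `chown` to the directories the server has to write at runtime; which directories those are is not visible in this diff, so that needs checking against the start script. The final stage begins above this hunk, and docker/docker-compose-quickstart/Dockerfile has the same pattern in its `@@ -39,6 +39,11 @@` hunk.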
@@ -20,7 +20,7 @@ RUN mkdir -p /opt/openmetadata && \
 rm openmetadata-*.tar.gz
 # Final stage
-FROM alpine:3.15
+FROM alpine:3
 ARG RI_VERSION="1.2.0"
 ARG BUILD_DATE
 ARG COMMIT_ID
@@ -39,6 +39,11 @@ COPY docker/openmetadata-start.sh ./
 COPY --from=build /opt/openmetadata /opt/openmetadata
 RUN apk add --update --no-cache bash openjdk17-jre && \
 chmod 777 openmetadata-start.sh
+
+RUN adduser -D openmetadata
+RUN chown -R openmetadata:openmetadata /opt/openmetadata
+USER openmetadata
+
 WORKDIR /opt/openmetadata
 ENTRYPOINT [ "/bin/bash" ]
 CMD ["/openmetadata-start.sh"]
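Review bot: `USER openmetadata` in the `@@ -39,6 +39,11 @@` hunk refers to the account by name, and `adduser -D` leaves the UID to whatever Alpine assigns, so a Kubernetes pod with `runAsNonRoot: true` cannot verify the image user and will not start the container unless `runAsUser` is also set. I would fix the UID and reference it numerically, e.g. `RUN adduser -D -u 10001 openmetadata` and `USER 10001` (10001 is an example value, not taken from the project). A fixed UID also keeps ownership of mounted volumes stable across rebuilds. The same two lines appear in docker/development/Dockerfile (`@@ -30,6 +30,10 @@`).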