expose port and drop to nobody user in go example

2023-11-01 17:05:52 -07:00 · 2023-11-01 17:05:52 -07:00 · 6a5d7ba797
parent e491f8d6ad
commit 6a5d7ba797
1 changed files with 10 additions and 2 deletions
--- a/examples/go_http_hello/Dockerfile
+++ b/examples/go_http_hello/Dockerfile
@ -1,9 +1,17 @@
 ARG GO_IMAGE=ocirep:go
 FROM ${GO_IMAGE} as build
 COPY . .
-RUN cargo build main.go
+RUN go build main.go
+
+RUN mkdir -p rootfs/etc \
+    && echo "nogroup:*:100:nobody" > ~/rootfs/etc/group \
+    && echo "nobody:*:100:100:::" > ~/rootfs/etc/passwd \
+    && cp main rootfs/

 ARG CA_IMAGE=ocirep:ca-certificates
 FROM scratch
 COPY --from=${CA_IMAGE} /
-COPY --from=build main .
+COPY --from=build --chown=100:100 rootfs /
+USER 100:100
+EXPOSE 8080
+ENTRYPOINT main