[Security] Run docker as non root user and provide distroless images #209
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…rations - Add customizable UID/GID build args for peekaping user in all Dockerfiles - Update supervisord configs to run server and caddy as peekaping user - Add security documentation for non-root execution and volume permissions - Include docker-socket-proxy setup for enhanced Docker monitoring security - Support both regular and distroless bundle variants with non-root execution BREAKING CHANGE: Services now run as non-root user by default. Custom UID/GID can be configured via build args or environment variables.
…and PostgreSQL - Introduce multi-stage Dockerfiles for distroless bundle variants, enhancing security by running as non-root users. - Implement build processes for Go server and React web app, with configurations for SQLite, MongoDB, and PostgreSQL. - Update documentation to include usage instructions for distroless bundles, emphasizing the need for external database setups and migration processes. - Ensure all scripts are executable and set proper ownership for security compliance.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #209 +/- ##
=======================================
Coverage 18.61% 18.61%
=======================================
Files 181 181
Lines 18826 18826
=======================================
Hits 3504 3504
Misses 15161 15161
Partials 161 161 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…xisting groups - Modify user and group creation commands in various Dockerfiles to ensure they do not fail if the group already exists. - This change enhances the robustness of the Docker build process across SQLite, MongoDB, PostgreSQL, and their distroless variants.
…QLite configurations for caddy2
…xisting users - Modify user and group creation commands in various Dockerfiles to ensure they do not fail if the user already exists. - This change enhances the robustness of the Docker build process across SQLite, MongoDB, PostgreSQL, and their distroless variants. - Update supervisord configurations to run as 'root' for MongoDB, PostgreSQL, and SQLite.
Contributor
Author
|
There is
which might be incorporated into this PR but I am not keen to do it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@SenpaiSimon are you interested to test this?
Resolves #163