refactor: drop helper tools and run rootless by default

2024-07-18 21:46:25 +02:00 · 2024-07-18 21:46:25 +02:00 · 708cce23d0
commit 708cce23d0
parent d2e5121a61
1 changed files with 7 additions and 31 deletions
--- a/Containerfile.multiarch
+++ b/Containerfile.multiarch
@ -11,47 +11,21 @@ ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT

-ARG GOMPLATE_VERSION
-ARG SUPERCRONIC_VERSION
-ARG URL_PARSER_VERSION
-ARG WAIT_FOR_VERSION
-ARG CONTAINER_LIBRARY
-
-# renovate: datasource=github-releases depName=hairyhenderson/gomplate
-ENV GOMPLATE_VERSION="${GOMPLATE_VERSION:-v4.1.0}"
-# renovate: datasource=github-releases depName=aptible/supercronic
-ENV SUPERCRONIC_VERSION="${SUPERCRONIC_VERSION:-v0.2.30}"
-# renovate: datasource=github-releases depName=thegeeklab/url-parser
-ENV URL_PARSER_VERSION="${URL_PARSER_VERSION:-v2.0.5}"
-# renovate: datasource=github-releases depName=thegeeklab/wait-for
-ENV WAIT_FOR_VERSION="${WAIT_FOR_VERSION:-v0.4.2}"
-# renovate: datasource=git-tags depName=https://gitea.rknet.org/container/container-library
-ENV CONTAINER_LIBRARY="${CONTAINER_LIBRARY:-v0.1.3}"
-
 RUN addgroup -g 101 -S nginx && \
-    adduser -S -D -H -u 101 -h /var/www -s /sbin/nologin -G nginx -g nginx nginx && \
+    adduser -S -D -H -u 101 -h /var/lib/nginx/html -s /sbin/nologin -G nginx -g nginx nginx && \
    apk --update add --virtual .build-deps curl && \
    apk --update --no-cache add nginx ca-certificates && \
    apk --no-cache upgrade libcrypto3 libssl3 && \
-    rm -rf /var/www/localhost && \
+    rm -rf /var/www && \
    rm -rf /etc/nginx/conf.d && \
-    curl -SsfL "https://gitea.rknet.org/container/container-library/releases/download/${CONTAINER_LIBRARY}/container-library.tar.gz" | tar xz -C / && \
-    curl -SsfL -o /usr/local/bin/gomplate "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS}-${TARGETARCH}${TARGETVARIANT}" && \
-    curl -SsfL -o /usr/local/bin/supercronic "https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-${TARGETOS}-${TARGETARCH}" && \
-    curl -SsfL -o /usr/local/bin/url-parser "https://github.com/thegeeklab/url-parser/releases/download/${URL_PARSER_VERSION}/url-parser-${TARGETOS}-${TARGETARCH}${TARGETVARIANT//v/-}" && \
-    curl -SsfL -o /usr/local/bin/wait-for "https://github.com/thegeeklab/wait-for/releases/download/${WAIT_FOR_VERSION}/wait-for" && \
-    chmod 755 /usr/local/bin/gomplate && \
-    chmod 755 /usr/local/bin/supercronic && \
-    chmod 755 /usr/local/bin/url-parser && \
-    chmod 755 /usr/local/bin/wait-for && \
    touch /run/nginx.pid && \
    chown nginx /run/nginx.pid && \
    chown -R nginx /var/log/nginx && \
    mkdir -p /var/cache/nginx && \
    chown -R nginx /var/cache/nginx && \
    chmod -R 750 /var/cache/nginx && \
-    chown -R nginx:nginx /var/www && \
-    chmod -R 750 /var/www && \
+    chown -R nginx:nginx /var/lib/nginx/html && \
+    chmod -R 750 /var/lib/nginx/html && \
    apk del .build-deps && \
    rm -rf /var/cache/apk/* && \
    rm -rf /tmp/*
@ -59,7 +33,9 @@ RUN addgroup -g 101 -S nginx && \
 ADD overlay/ /

 EXPOSE 8080
-
 STOPSIGNAL SIGTERM

+WORKDIR /var/lib/nginx/html
+USER 101
+
 CMD ["nginx", "-g", "daemon off;"]