ARG user=tca-gen2
ARG group=tca-gen2
-WORKDIR ${DOCKER_ARTIFACT_DIR}
-#Copy dependencies and executable jar
-COPY ${PROJECT_BUILD_DIR_NAME}/${FINAL_JAR} .
-
USER root
-#Symlink to overcome Docker limitation to put ARG inside ENTRYPOINT
-RUN mkdir -p /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \
- addgroup $group && adduser --system --disabled-password --no-create-home --ingroup $group $user && \
- chmod g+rwx /opt; \
- chmod u+rw /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \
- chown -R $user /opt && \
- chown -R $user /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \
- ln -s ${FINAL_JAR} tca-gen2.jar && \
- chown $user ${FINAL_JAR} tca-gen2.jar
+RUN mkdir -p /var/log/ONAP/dcaegen2/analytics/tca-gen2
+#Add a new user and group to allow container to be run as non-root
+RUN addgroup $group && adduser --system --disabled-password --no-create-home --ingroup $group $user && \
+ chmod 775 /opt && \
+ chmod 775 /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \
+ chown -R $user:$group /opt && \
+ chown -R $user:$group /var/log/ONAP/dcaegen2/analytics/tca-gen2
+
+#Copy dependencies and executable jar
+WORKDIR ${DOCKER_ARTIFACT_DIR}
+COPY ${PROJECT_BUILD_DIR_NAME}/${FINAL_JAR} .
+#Overcome Docker limitation to put ARG inside ENTRYPOINT
+RUN ln -s ${FINAL_JAR} tca-gen2.jar
EXPOSE 8100
-USER $user
+USER $user:$group
ENTRYPOINT ["java", "-Dspring.profiles.active=configBindingService,dmaap,mongo", "-jar", "tca-gen2.jar"]
Code Review / dcaegen2 / analytics / tca-gen2.git / blobdiff