EXPOSE 8080
-USER root
+USER root
+RUN addgroup -g 1000 sdc && adduser -S -u 1000 -G sdc -s /bin/sh sdc
ARG ARTIFACT
-ADD ${ARTIFACT} /app.jar
+ADD --chown=sdc:sdc ${ARTIFACT} /app.jar
-COPY org.onap.sdc.p12 /keystore
-COPY org.onap.sdc.trust.jks /truststore
+COPY --chown=sdc:sdc org.onap.sdc.p12 /keystore
+COPY --chown=sdc:sdc org.onap.sdc.trust.jks /truststore
-COPY startup.sh .
+COPY --chown=sdc:sdc startup.sh .
RUN chmod 744 startup.sh
+
+RUN mkdir /var/log/ONAP/
+RUN chown sdc:sdc /var/log/ONAP/
-ENTRYPOINT [ "./startup.sh" ]
\ No newline at end of file
+USER sdc
+ENTRYPOINT [ "./startup.sh" ]
FROM python:2.7-alpine3.8
-RUN pip install cqlsh==5.0.4 && \
- mkdir ~/.cassandra/ && \
+RUN pip install cqlsh==5.0.4
+
+RUN addgroup -g 1000 sdc && adduser -S -u 1000 -G sdc -s /bin/sh sdc
+USER sdc
+RUN mkdir ~/.cassandra/ && \
echo '[cql]' > ~/.cassandra/cqlshrc && \
echo 'version=3.4.4' >> ~/.cassandra/cqlshrc
+USER root
COPY create_keyspaces.cql create_tables.cql start.sh ./
+RUN chown sdc:sdc create_keyspaces.cql && \
+ chown sdc:sdc create_tables.cql && \
+ chown sdc:sdc start.sh && \
+ chmod 744 start.sh
-RUN chmod 744 start.sh
-
+USER sdc
ENTRYPOINT ["./start.sh"]
COPY org.onap.sdc.p12 org.onap.sdc.trust.jks ${JETTY_BASE}/etc/
-ADD ${ARTIFACT} ${JETTY_BASE}/webapps/
+ADD --chown=jetty:jetty ${ARTIFACT} ${JETTY_BASE}/webapps/
RUN chown -R jetty:jetty ${JETTY_BASE}/webapps ${JETTY_BASE}/etc/
-COPY startup.sh .
+COPY --chown=jetty:jetty startup.sh .
RUN chmod 744 startup.sh
+USER jetty
ENTRYPOINT [ "./startup.sh" ]
Code Review / sdc / sdc-workflow-designer.git / commitdiff