summaryrefslogtreecommitdiffstats
path: root/components/datalake-handler/feeder/Dockerfile
diff options
context:
space:
mode:
authorAlexander Mazuruk <a.mazuruk@samsung.com>2021-04-12 18:47:04 +0200
committerVijay Venkatesh Kumar <vv770d@att.com>2021-04-26 23:28:03 +0000
commiteba3e6a23105581e7a00ea3e99123ab480e38787 (patch)
treebfc9e0559f6e577820e27fd9c2fcdbb63fb10843 /components/datalake-handler/feeder/Dockerfile
parent09e6ad9eea88e511de6870b26dfa4b57dec7fcf3 (diff)
Change datalake-handler baseOS to integration-
des: - less layers - user without home, login shell & password - general tidy-up - add quotes in run.sh for safety feeder: - less layers - user without home, login shell & password - general tidy-up - alpine's find is from busybox and is built without extended regex support. grep is used for regex. - adjusted regexes to be more precise Benefits from switching base image over: * minimal {java11,python} images maintained by integration team * using currently "blessed by seccom" versions (:latest tag used) * should limit spread of legal issues across layers * integration images will be the first to have automated compliance documentation * should limit spread of base layers (contributing to deployment footprint - more base layers = more to download, more to store etc...) Issue-ID: INT-1864 Issue-ID: DCAEGEN2-2420 Signed-off-by: Alexander Mazuruk <a.mazuruk@samsung.com> Change-Id: I02b2b9567680e8a873d13684fd2341339b4bc337
Diffstat (limited to 'components/datalake-handler/feeder/Dockerfile')
-rw-r--r--components/datalake-handler/feeder/Dockerfile44
1 files changed, 22 insertions, 22 deletions
diff --git a/components/datalake-handler/feeder/Dockerfile b/components/datalake-handler/feeder/Dockerfile
index 9d79f7ef..769d21b8 100644
--- a/components/datalake-handler/feeder/Dockerfile
+++ b/components/datalake-handler/feeder/Dockerfile
@@ -1,31 +1,31 @@
FROM nexus3.onap.org:10001/onap/integration-java11:8.0.0
-MAINTAINER Guobiao Mo <guobiaomo@chinamobile.com>
+LABEL maintainer="Guobiao Mo <guobiaomo@chinamobile.com>"
+
+ARG user=datalake
+ARG group=datalake
EXPOSE 1680
USER root
-RUN addgroup datalake && adduser -G datalake -h /home/datalake -D datalake
-RUN mkdir /home/datalake/db_init
-
-WORKDIR /home/datalake
+WORKDIR /datalake
+RUN addgroup $group && adduser --system --shell /bin/false --disabled-password --no-create-home --ingroup $group $user && \
+ chown -R $user:$group /datalake && \
+ chmod g+s /datalake && \
+ mkdir -p /datalake/db_init
#add the fat jar
-COPY target/${JAR_FILE} /home/datalake/
-COPY src/assembly/run.sh /home/datalake/
-
-WORKDIR /home/datalake/db_init
-ADD src/assembly/init_db/scripts/db_init .
-WORKDIR /home/datalake
-COPY src/assembly/init_db/db_scripts/init_db.sql .
-COPY src/assembly/init_db/db_scripts/init_db_data.sql .
-
-RUN chmod -R 0755 ./* && \
- chown -R datalake:datalake /home/datalake
-
-RUN apk --update add postgresql-client curl
-
-USER datalake
-
-ENTRYPOINT /home/datalake/run.sh
+COPY --chown=$user:$group target/${JAR_FILE} .
+COPY --chown=$user:$group src/assembly/run.sh .
+COPY --chown=$user:$group src/assembly/init_db/scripts/db_init ./db_init/
+COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db.sql .
+COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db_data.sql .
+
+RUN chmod -R 0755 *.sql && \
+ chmod u+x run.sh && \
+ apk add --no-cache postgresql-client curl
+
+USER $user
+ENTRYPOINT ["/bin/sh"]
+CMD ["run.sh"]