fix: run app as spejstore user, not root

This commit is contained in:
Dariusz Niemczyk 2024-02-01 12:36:39 +01:00
parent b94ab204d8
commit 8812e6c0d3
No known key found for this signature in database
2 changed files with 4 additions and 2 deletions

View File

@ -45,5 +45,6 @@
"yzhang.markdown-all-in-one" "yzhang.markdown-all-in-one"
] ]
} }
} },
"containerUser": "spejstore"
} }

View File

@ -12,6 +12,7 @@ ADD requirements.txt /code/
RUN pip install --no-cache-dir -r requirements.txt RUN pip install --no-cache-dir -r requirements.txt
ADD . /code/ ADD . /code/
RUN python -m pip install gunicorn RUN groupadd --gid 1000 spejstore && useradd --uid 1000 --gid 1000 --home /code --shell /bin/bash spejstore
USER spejstore
CMD bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application" CMD bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"