set user to sfnotifier in Dockerfile
Change-Id: I72617c606d5a6b0021989cf740f95f3302be8a40
Related-To: MKE-9561
diff --git a/Dockerfile b/Dockerfile
index d8d1526..a37a2a2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,8 @@
FROM python:3.11.0-alpine3.16
-LABEL build_date="2022-11-02"
-
WORKDIR /app
ENV CRYPTOGRAPHY_DONT_BUILD_RUST=1
+ENV LOGPATH=/var/log/sf-notifier/sfnotifier.log
COPY requirements.txt ./
RUN addgroup --gid 1000 \
@@ -13,6 +12,9 @@
--disabled-password \
--home /app \
sfnotifier && \
+ mkdir -p `dirname $LOGPATH` && \
+ touch $LOGPATH && \
+ chown -R 1000:1000 `dirname $LOGPATH` && \
apk upgrade --update --no-cache && \
apk add --no-cache \
build-base \
@@ -21,5 +23,6 @@
pip install --upgrade pip && \
pip install -r /app/requirements.txt && \
apk del build-base
+USER sfnotifier
COPY . .
CMD ./entrypoint.sh
diff --git a/entrypoint.sh b/entrypoint.sh
index fc6325f..104de77 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,16 +1,11 @@
#!/bin/ash
export SIMPLE_SETTINGS=${SIMPLE_SETTINGS:-sf_notifier.settings.production}
-export LOGPATH=/var/log/sf-notifier/sfnotifier.log
WORKERS=${SF_NOTIFIER_WORKERS:-4}
BUFFER=${SF_NOTIFIER_BUFFER_SIZE:-32768}
PORT=${SF_NOTIFIER_APP_PORT:-5000}
-mkdir -p `dirname $LOGPATH`
-touch $LOGPATH
-chown -R 1000:1000 `dirname $LOGPATH`
-
uwsgi -p ${WORKERS} \
--uid 1000 \
--gid 1000 \