feat: Enhance Dockerfile security with non-root users and correct file permissions, and adjust Gitea workflow action versions.

This commit is contained in:
Zuev
2026-03-17 02:47:57 +03:00
parent d69eab1c12
commit 04feb5a3c3
3 changed files with 16 additions and 8 deletions


@@ -17,10 +17,10 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v6 uses: actions/checkout@v4
- name: Log in to the Container registry - name: Log in to the Container registry
uses: docker/login-action@v4 uses: docker/login-action@v3
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -28,12 +28,12 @@ jobs:
- name: Extract metadata (tags, labels) for Docker - name: Extract metadata (tags, labels) for Docker
id: meta id: meta
uses: docker/metadata-action@v6 uses: docker/metadata-action@v5
with: with:
images: ${{ env.REGISTRY }}/${{ env.BACKEND_IMAGE }} images: ${{ env.REGISTRY }}/${{ env.BACKEND_IMAGE }}
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@v7 uses: docker/build-push-action@v6
with: with:
context: ./backend context: ./backend
push: true push: true
@@ -45,10 +45,10 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v6 uses: actions/checkout@v4
- name: Log in to the Container registry - name: Log in to the Container registry
uses: docker/login-action@v4 uses: docker/login-action@v3
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -56,12 +56,12 @@ jobs:
- name: Extract metadata (tags, labels) for Docker - name: Extract metadata (tags, labels) for Docker
id: meta id: meta
uses: docker/metadata-action@v6 uses: docker/metadata-action@v5
with: with:
images: ${{ env.REGISTRY }}/${{ env.FRONTEND_IMAGE }} images: ${{ env.REGISTRY }}/${{ env.FRONTEND_IMAGE }}
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@v7 uses: docker/build-push-action@v6
with: with:
context: ./frontend context: ./frontend
push: true push: true


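--- a/<backend Dockerfile path not shown on page>
+++ b/<backend Dockerfile path not shown on page>
@@ -6,6 +6,11 @@ COPY src ./src
 RUN mvn package -DskipTests -B
 FROM eclipse-temurin:17-jre-alpine
+# Best practice: run as a non-root user
+RUN addgroup -S spring && adduser -S spring -G spring
+USER spring:spring
 WORKDIR /app
 COPY --from=build /app/target/app.jar app.jar
 EXPOSE 8080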
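Review bot: `USER spring:spring` switches by name, and a Kubernetes pod that sets `runAsNonRoot: true` cannot verify a non-numeric image user, so the kubelet refuses to start the container; since this pipeline ends in deploy-to-k8s, pin the ids when the account is created and switch numerically, `RUN addgroup -S -g 10001 spring && adduser -S -u 10001 -G spring spring` followed by `USER 10001:10001`. The `COPY --from=build` that follows runs without `--chown`, so `app.jar` (and, as far as I can tell, the `/app` directory that `WORKDIR` creates) stays root-owned and read-only to the service user; that is the right outcome for an immutable artifact, but it is worth stating so nobody adds `--chown` later by reflex, e.g. `# /app and app.jar stay root-owned: the service user only needs read access`. The ENTRYPOINT or CMD that launches the jar lies outside the hunk.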


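--- a/<frontend Dockerfile path not shown on page>
+++ b/<frontend Dockerfile path not shown on page>
@@ -1,2 +1,5 @@
 FROM httpd:alpine
 COPY . /usr/local/apache2/htdocs/
+# Set appropriate permissions for the web server to serve static files
+RUN chown -R www-data:www-data /usr/local/apache2/htdocs/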
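Review bot: `chown -R www-data:www-data` hands ownership of the whole document root to a web-server account, which is more than serving static files requires and lets a compromised worker process rewrite the content it serves; static assets only need to be readable by that account, so leaving them root-owned and ensuring the read bits with `RUN chmod -R a+rX /usr/local/apache2/htdocs/` (or dropping the line, since `COPY` usually preserves already-readable modes) meets the stated goal with less privilege. The official `httpd` image's stock configuration also appears to run its workers as `daemon` rather than `www-data`, so unless an overridden `httpd.conf` (not in this diff) changes that, the chosen owner does not even match the process user. `COPY . /usr/local/apache2/htdocs/` pulls in the entire build context, so a `.dockerignore` excluding the Dockerfile, VCS metadata and anything not meant to be served would be a cheap companion change.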