
Commit 4fc605c

committed
fix: allow to run container as non-root user again (resolve #775)
1 parent 5a2994f commit 4fc605c


3 files changed

+21
-8
lines changed

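--- a/Dockerfile
+++ b/Dockerfile
@@ -28,9 +28,6 @@ RUN mkdir ./data ./app && \
 FROM alpine:3
 WORKDIR /app
 
-# Note: we're intentionally not running as `app` user, because see https://github.com/muety/wakapi/issues/769.
-# The entrypoint script will take care of starting the wakapi process as `app` instead.
-
 RUN addgroup -g 1000 app && \
 adduser -u 1000 -G app -s /bin/sh -D app && \
 apk add --no-cache bash ca-certificates tzdata
@@ -56,6 +53,8 @@ LABEL org.opencontainers.image.url="https://github.com/muety/wakapi" \
 org.opencontainers.image.licenses="MIT" \
 org.opencontainers.image.description="A minimalist, self-hosted WakaTime-compatible backend for coding statistics"
 
+USER app
+
 EXPOSE 3000
 
 ENTRYPOINT /app/entrypoint.sh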
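Review bot: `USER app` in the second hunk sets the user by name, which Kubernetes cannot check against `runAsNonRoot: true` (the kubelet rejects images whose user is non-numeric); because the first hunk's `addgroup -g 1000` / `adduser -u 1000` pin the IDs, `USER 1000:1000` is equivalent and verifiable. The comment removed in the first hunk explained why the image used to start as root, and nothing replaces it, so I would add `# Runs as uid/gid 1000 (app); bind-mounted data and secret files must be readable by this uid.` above the instruction. Whether `/app` and the data directory are already owned by `app` is decided outside these hunks and is worth confirming.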

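--- a/compose.yml
+++ b/compose.yml
@@ -15,9 +15,23 @@ services:
 WAKAPI_PASSWORD_SALT_FILE: "/run/secrets/password_salt" # alternatively, set WAKAPI_PASSWORD_SALT directly without the use of secrets
 WAKAPI_MAIL_SMTP_PASS_FILE: "/run/secrets/smtp_pass" # alternatively, set WAKAPI_MAIL_SMTP_PASS directly without the use of secrets
 secrets:
-- password_salt
-- smtp_pass
-- db_password
+- source: password_salt
+target: password_salt
+uid: '1000'
+gid: '1000'
+mode: '0400'
+
+- source: smtp_pass
+target: smtp_pass
+uid: '1000'
+gid: '1000'
+mode: '0400'
+
+- source: db_password
+target: db_password
+uid: '1000'
+gid: '1000'
+mode: '0400'
 
 db:
 image: postgres:17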
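Review bot: The `uid`, `gid` and `mode` keys added to each of the three secret entries only take effect when Compose creates the secret file itself; Docker Compose documents that they are not applied to file-sourced secrets, which are bind-mounted with the host file's ownership. The top-level `secrets:` definitions are outside this hunk, so if they use `file:` the now non-root container will read them only when the host files are readable by uid 1000. A comment on the first entry would save users a permission error, for example `# uid/gid/mode are ignored for file-based secrets; make the host file readable by uid 1000`.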

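--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -29,8 +29,8 @@ file_env "WAKAPI_SUBSCRIPTIONS_STRIPE_SECRET_KEY"
 file_env "WAKAPI_SUBSCRIPTIONS_STRIPE_ENDPOINT_SECRET"
 
 if [ "$WAKAPI_DB_TYPE" == "sqlite3" ] || [ "$WAKAPI_DB_TYPE" == "" ]; then
-exec su -c "./wakapi" app
+exec ./wakapi
 else
 echo "Waiting for database to come up"
-exec ./wait-for-it.sh "$WAKAPI_DB_HOST:$WAKAPI_DB_PORT" -s -t 60 -- su -c "./wakapi" app
+exec ./wait-for-it.sh "$WAKAPI_DB_HOST:$WAKAPI_DB_PORT" -s -t 60 -- ./wakapi
 fi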
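Review bot: Both `exec` lines now start `./wakapi` as whatever user the container was launched with, so the privilege drop that `su -c "./wakapi" app` used to guarantee depends entirely on the image's `USER` and disappears without notice when an operator starts the container with a root user override. A one-line guard before the `if` would make that visible: `if [ "$(id -u)" -eq 0 ]; then echo "Warning: wakapi is running as root" >&2; fi`. The script begins before this hunk, so whether `file_env` reports an unreadable secret file clearly under the non-root user cannot be judged from here.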
