da748c2cae
- Removed the creation of a home directory for the nginx user, simplifying the setup for a stateless image. - Updated git configuration to use a temporary home directory, enhancing compatibility with non-root user practices. - Adjusted ownership of the temporary git configuration file to align with UID and GID parameters.
40 lines
1.2 KiB
Docker
40 lines
1.2 KiB
Docker
# syntax=docker/dockerfile:1
|
||
# Même logique que l’image upstream : UID/GID numériques, pas le nom « nginx ».
|
||
# https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/stable/alpine/Dockerfile
|
||
FROM nginxinc/nginx-unprivileged:stable-alpine
|
||
|
||
ARG UID=101
|
||
ARG GID=101
|
||
|
||
USER root
|
||
RUN --mount=type=cache,target=/var/cache/apk \
|
||
apk add --no-cache git
|
||
|
||
WORKDIR /usr/share/nginx/html
|
||
|
||
ARG TALKS_REPO_URL=https://git.specificat.io/arnault/Talks.git
|
||
ARG TALKS_BRANCH=main
|
||
ARG TALKS_SPARSE_DIR=content
|
||
|
||
RUN find . -mindepth 1 -delete \
|
||
&& git clone --filter=blob:none --sparse --branch "${TALKS_BRANCH}" --single-branch "${TALKS_REPO_URL}" . \
|
||
&& git sparse-checkout init --cone \
|
||
&& git sparse-checkout set "${TALKS_SPARSE_DIR}"
|
||
|
||
COPY nginx/default.conf /etc/nginx/conf.d/default.conf
|
||
COPY refresh.sh /refresh.sh
|
||
|
||
# Pas de « su 101 » : git config en root puis chown. HOME=/tmp : pas de /home artificiel dans une image stateless.
|
||
RUN chmod +x /refresh.sh \
|
||
&& chown -R "${UID}:${GID}" /usr/share/nginx/html /refresh.sh \
|
||
&& HOME=/tmp git config --global --add safe.directory /usr/share/nginx/html \
|
||
&& chown "${UID}:${GID}" /tmp/.gitconfig
|
||
|
||
ENV HOME=/tmp
|
||
|
||
USER ${UID}
|
||
|
||
EXPOSE 8080
|
||
|
||
CMD sh -c "/refresh.sh & exec nginx -g 'daemon off;'"
|