docker: build both root and non-root container images (#412)
Change the user back to root for containers. Additionally, built a "non-root" labeled container for users who wish to have the additional security of running llama-swap as a lower privileged user.
This commit is contained in:
@@ -45,11 +45,26 @@ if [[ -z "$LCPP_TAG" ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
CONTAINER_TAG="ghcr.io/mostlygeek/llama-swap:v${LS_VER}-${ARCH}-${LCPP_TAG}"
|
for CONTAINER_TYPE in non-root root; do
|
||||||
CONTAINER_LATEST="ghcr.io/mostlygeek/llama-swap:${ARCH}"
|
CONTAINER_TAG="ghcr.io/mostlygeek/llama-swap:v${LS_VER}-${ARCH}-${LCPP_TAG}"
|
||||||
echo "Building ${CONTAINER_TAG} $LS_VER"
|
CONTAINER_LATEST="ghcr.io/mostlygeek/llama-swap:${ARCH}"
|
||||||
docker build -f llama-swap.Containerfile --build-arg BASE_TAG=${BASE_TAG} --build-arg LS_VER=${LS_VER} -t ${CONTAINER_TAG} -t ${CONTAINER_LATEST} .
|
USER_UID=0
|
||||||
if [ "$PUSH_IMAGES" == "true" ]; then
|
USER_GID=0
|
||||||
docker push ${CONTAINER_TAG}
|
USER_HOME=/root
|
||||||
docker push ${CONTAINER_LATEST}
|
|
||||||
fi
|
if [ "$CONTAINER_TYPE" == "non-root" ]; then
|
||||||
|
CONTAINER_TAG="${CONTAINER_TAG}-non-root"
|
||||||
|
CONTAINER_LATEST="${CONTAINER_LATEST}-non-root"
|
||||||
|
USER_UID=10001
|
||||||
|
USER_GID=10001
|
||||||
|
USER_HOME=/app
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Building $CONTAINER_TYPE $CONTAINER_TAG $LS_VER"
|
||||||
|
docker build -f llama-swap.Containerfile --build-arg BASE_TAG=${BASE_TAG} --build-arg LS_VER=${LS_VER} --build-arg UID=${USER_UID} \
|
||||||
|
--build-arg GID=${USER_GID} --build-arg USER_HOME=${USER_HOME} -t ${CONTAINER_TAG} -t ${CONTAINER_LATEST} .
|
||||||
|
if [ "$PUSH_IMAGES" == "true" ]; then
|
||||||
|
docker push ${CONTAINER_TAG}
|
||||||
|
docker push ${CONTAINER_LATEST}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|||||||
Reference in New Issue
Block a user