specify user in rootless container numerically (#16361)

* specify user in rootless container numerically

With kubernetes' PodSecurityPolicy set to runAsNonRoot it will not allow starting the container.  The error message is
```
Error: container has runAsNonRoot and image has non-numeric user (git), cannot verify user is non-root
```
The `USER` directive has to be numerical for that to work.

* mention the name of the uid/gid

Co-authored-by: 6543 <6543@obermui.de>
release/v1.15
Tobias Florek 2021-07-08 19:30:09 +00:00 committed by GitHub
parent d06f9ce274
commit 5e819ee1de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

View File

@ -56,7 +56,7 @@ COPY docker/rootless /
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
USER git:git USER 1000:1000 # git:git
ENV GITEA_WORK_DIR /var/lib/gitea ENV GITEA_WORK_DIR /var/lib/gitea
ENV GITEA_CUSTOM /var/lib/gitea/custom ENV GITEA_CUSTOM /var/lib/gitea/custom
ENV GITEA_TEMP /tmp/gitea ENV GITEA_TEMP /tmp/gitea