refactor: run container as non-root dedicated drone user

- Add a dedicated drone user and group for running the container - Change file ownership of the drone-jenkins binary to the drone user - Switch container execution to use the drone user instead of root Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2026-06-04 10:15:02 +08:00 · 2025-12-01 16:32:47 +08:00
parent a6d967789d
commit a5469c939e
1 changed files with 6 additions and 0 deletions
@@ -15,6 +15,12 @@ LABEL org.opencontainers.image.licenses=MIT
 RUN apk add --no-cache ca-certificates && \
  rm -rf /var/cache/apk/*

+RUN addgroup -g 1000 drone && \
+  adduser -D -u 1000 -G drone drone
+
 COPY release/${TARGETOS}/${TARGETARCH}/drone-jenkins /bin/
+RUN chown drone:drone /bin/drone-jenkins
+
+USER drone

 ENTRYPOINT ["/bin/drone-jenkins"]