From a5469c939e71d138fdbecfdbddc8ede930062daf Mon Sep 17 00:00:00 2001
From: Bo-Yi Wu
Date: Mon, 1 Dec 2025 16:32:47 +0800
Subject: [PATCH] refactor: run container as non-root dedicated drone user

- Add a dedicated drone user and group for running the container
- Change file ownership of the drone-jenkins binary to the drone user
- Switch container execution to use the drone user instead of root

Signed-off-by: Bo-Yi Wu
---
 docker/Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index fd23adf..1919dee 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -15,6 +15,12 @@ LABEL org.opencontainers.image.licenses=MIT
 RUN apk add --no-cache ca-certificates && \
 rm -rf /var/cache/apk/*
 
+RUN addgroup -g 1000 drone && \
+ adduser -D -u 1000 -G drone drone
+
 COPY release/${TARGETOS}/${TARGETARCH}/drone-jenkins /bin/
 
+RUN chown drone:drone /bin/drone-jenkins
+
+USER drone
 ENTRYPOINT ["/bin/drone-jenkins"]
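Review bot: The added `RUN chown drone:drone /bin/drone-jenkins` makes the runtime user the owner of its own entrypoint binary, so any process running as `drone` can overwrite or replace `/bin/drone-jenkins`, which weakens the isolation the switch to non-root is meant to give. Dropping that line leaves the file root-owned as `COPY` creates it; `drone` can still execute it as long as the release artifact carries the execute bit for others (if it does not, `COPY --chmod=0755 ...` under BuildKit sets it), and the extra layer that duplicates the binary goes away. Separately, `USER drone` is a name, which Kubernetes `runAsNonRoot` cannot verify; `USER 1000:1000` matches the IDs created by the `addgroup -g 1000` / `adduser -u 1000` lines in the same hunk. It is also worth confirming that the plugin never writes into the pipeline workspace, which may be owned by a different UID; nothing in the hunk shows whether it does.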