X-Git-Url: http://these/git/?a=blobdiff_plain;f=docker%2FDockerfile;h=02c2e572c9e7c69f4744ca7b3836c3eec1ba191e;hb=HEAD;hp=5943e1710f72004066c8478568ef29c52f183013;hpb=418bca78e195a047c5abfbad7a20c2825fe749b3;p=lemmy.git

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 5943e171..02c2e572 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -2,6 +2,9 @@ FROM clux/muslrust:1.70.0 as builder
 WORKDIR /app
 ARG CARGO_BUILD_TARGET=x86_64-unknown-linux-musl
 
+# comma-seperated list of features to enable
+ARG CARGO_BUILD_FEATURES=default
+
 # This can be set to release using --build-arg
 ARG RUST_RELEASE_MODE="debug"
 
@@ -13,7 +16,7 @@ COPY . .
 RUN --mount=type=cache,target=/app/target \
     if [ "$RUST_RELEASE_MODE" = "debug" ] ; then \
       echo "pub const VERSION: &str = \"$(git describe --tag)\";" > "crates/utils/src/version.rs" \
-      && cargo build --target ${CARGO_BUILD_TARGET} \
+      && cargo build --target ${CARGO_BUILD_TARGET} --features ${CARGO_BUILD_FEATURES} \
       && cp ./target/$CARGO_BUILD_TARGET/$RUST_RELEASE_MODE/lemmy_server /app/lemmy_server; \
     fi
 
@@ -21,7 +24,7 @@ RUN --mount=type=cache,target=/app/target \
 RUN \
     if [ "$RUST_RELEASE_MODE" = "release" ] ; then \
       echo "pub const VERSION: &str = \"$(git describe --tag)\";" > "crates/utils/src/version.rs" \
-      && cargo build --target ${CARGO_BUILD_TARGET} --release \
+      && cargo build --target ${CARGO_BUILD_TARGET} --features ${CARGO_BUILD_FEATURES} --release \
       && cp ./target/$CARGO_BUILD_TARGET/$RUST_RELEASE_MODE/lemmy_server /app/lemmy_server; \
     fi
 
@@ -29,9 +32,14 @@ RUN \
 FROM alpine:3 as lemmy
 
 # Install libpq for postgres
-RUN apk add libpq
+RUN apk add --no-cache libpq
 
 # Copy resources
 COPY --from=builder /app/lemmy_server /app/lemmy
 
+# Create non-privileged user
+RUN adduser -h /app -s sh -S -u 1000 lemmy
+RUN chown -R lemmy /app
+USER lemmy
+
 CMD ["/app/lemmy"]