From e05b24cc32893ddb67dd6bb7b01756ce0354495c Mon Sep 17 00:00:00 2001 From: miiu Date: Tue, 5 May 2026 13:53:16 +0300 Subject: [PATCH] update --- .github/workflows/deploy-docker.yaml | 2 ++ docker/Dockerfile | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/deploy-docker.yaml b/.github/workflows/deploy-docker.yaml index 98624ff..c8e3ebe 100644 --- a/.github/workflows/deploy-docker.yaml +++ b/.github/workflows/deploy-docker.yaml @@ -46,5 +46,7 @@ jobs: file: ./docker/Dockerfile platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} + provenance: mode=max + sbom: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/docker/Dockerfile b/docker/Dockerfile index d3b00a9..7723d56 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -32,11 +32,16 @@ FROM ubuntu:22.04 ARG TARGETARCH RUN apt-get update -y && apt-get upgrade -y +RUN useradd --create-home --uid 10001 --shell /usr/sbin/nologin appuser + COPY --from=builder "/go/mx-chain-go/cmd/node" "/go/mx-chain-go/cmd/node/" # Copy architecture-specific files COPY --from=builder "/lib_${TARGETARCH}/*" "/lib/" +RUN chown -R appuser:appuser /go/mx-chain-go/cmd/node + WORKDIR /go/mx-chain-go/cmd/node/ +USER appuser EXPOSE 8080 ENTRYPOINT ["/go/mx-chain-go/cmd/node/node", "--rest-api-interface=:8080"]