From 155d7c4a8736df7a2ced5644be8dfc93fd0116aa Mon Sep 17 00:00:00 2001
From: Moul <moul@moul.re>
Date: Mon, 5 Apr 2021 22:18:29 +0200
Subject: [PATCH] [wip] #388: Dockerfile into two steps

---
 Dockerfile | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 26b14fea..8517f74a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,36 @@
-FROM registry.duniter.org/docker/python3/poetry/3.9:latest
+# ------------------------------------------------------------------------------
+# Build Stage
+# ------------------------------------------------------------------------------
+FROM registry.duniter.org/docker/python3/poetry/3.9:latest as build
+
+WORKDIR /silkaj
 
-RUN ls && ls silkaj
+# Copy source tree
+COPY ./ ./
 
 # Install Silkaj
 RUN poetry install
 
+# ------------------------------------------------------------------------------
+# Final Stage
+# ------------------------------------------------------------------------------
+FROM registry.duniter.org/docker/python3/poetry/3.9:latest
+
+# Create silkaj group and user
+RUN addgroup -S -g 1111 silkaj && \
+	adduser -SD -h /silkaj -G silkaj -u 1111 silkaj
+
+# Copy the build artifact from the build stage
+COPY --from=build --chown=silkaj:silkaj	/silkaj /silkaj
+
 # Set up alias to directly get silkaj command
 # https://stackoverflow.com/a/3638886
 RUN printf '#!/bin/bash\npoetry run silkaj "$@"' > /usr/bin/silkaj && \
-    chmod +x /usr/bin/silkaj
+    chmod +x /usr/bin/silkaj && \
+    chown silkaj: /usr/bin/silkaj
+
+# Use silkaj user
+USER silkaj
+WORKDIR /silkaj
 
 CMD ["/usr/bin/silkaj"]
-- 
GitLab