floryn90 · floryn90 · Nov 10, 2024 · Nov 10, 2024 · Nov 10, 2024 · Nov 10, 2024
diff --git a/Makefile b/Makefile
@@ -16,11 +16,8 @@ prepare: src/bin/buildx
 	@docker run --rm -i -v $$(pwd):/work -u $$(id -u) \
 		klakegg/docker-project-prepare:edge \
 		-t target/bundle
-	@mv target/bundle/Makefile target/bundle/Makefile.original
-	@cat target/bundle/Makefile.original | sed "s:DOCKER_CLI_EXPERIMENTAL=enabled docker buildx:buildx:g" > target/bundle/Makefile
-	@rm target/bundle/Makefile.original
-	@mv target/bundle/Makefile target/bundle/Makefile.original
-	@cat target/bundle/Makefile.original | sed "s:--push:--provenance=true --sbom=true --push:g" > target/bundle/Makefile
+	@sed -i "s:DOCKER_CLI_EXPERIMENTAL=enabled docker buildx:buildx:g" target/bundle/Makefile
+	@sed -i "s:--push:--provenance=true --sbom=true --push:g" target/bundle/Makefile
 
 test: test-docsy test-docuapi
 
@@ -46,7 +43,7 @@ bump:
 	@RELEASE=$(version) bump
 
 src/bin/buildx:
-	@wget -q -O src/bin/buildx https://github.com/docker/buildx/releases/download/v0.17.1/buildx-v0.17.1.linux-amd64
+	@wget -q -O src/bin/buildx https://github.com/docker/buildx/releases/download/v0.18.0/buildx-v0.18.0.linux-amd64
 	@chmod a+x src/bin/buildx
 	@docker buildx create --use
 

diff --git a/src/docker/_imports/ci.df b/src/docker/_imports/ci.df
@@ -1,6 +1,6 @@
 FROM main AS ci
 
 ENV HUGO_ENV="production"
-
+USER hugo
 ENTRYPOINT [ "" ]
 CMD [ "hugo" ]
diff --git a/src/docker/_imports/default_nonroot_user.df b/src/docker/_imports/default_nonroot_user.df
@@ -2,9 +2,3 @@
 # Create a custom user with UID 1234 and GID 1234
 RUN getent group hugo 2>&1 > /dev/null || groupadd -g 1234 hugo && \
     getent passwd hugo 2>&1 > /dev/null || useradd -m -u 1234 -g hugo hugo 
-    # && chown -R hugo /src \
-    # && chown -R hugo /target \
-    # add /src to safe.directory
-    #&& git config --global --add safe.directory /src
-
-USER hugo
diff --git a/src/docker/_imports/default_nonroot_user_alpine.df b/src/docker/_imports/default_nonroot_user_alpine.df
@@ -1,5 +1,2 @@
 RUN  getent group hugo 2>&1 > /dev/null || addgroup -g 1234 hugo \
     &&  getent passwd hugo 2>&1 > /dev/null || adduser -u 1234 -D -H -G hugo -g "" hugo 
-    # && chown -R hugo /src \
-    # && chown -R hugo /target
-USER hugo
diff --git a/src/docker/_imports/onbuild.df b/src/docker/_imports/onbuild.df
@@ -13,4 +13,6 @@ ONBUILD ENV HUGO_DESTINATION="${HUGO_DESTINATION_ARG:-/target}" \
 ONBUILD COPY . /src
 ONBUILD WORKDIR ${HUGO_DIR:-/src}
 
+ONBUILD USER hugo
+
 ONBUILD RUN if [ -e "$ONBUILD_SCRIPT_VALUE" ]; then exec sh $ONBUILD_SCRIPT_VALUE; else exec hugo $HUGO_CMD; fi
diff --git a/src/docker/alpine-ext/ext-alpine.df b/src/docker/alpine-ext/ext-alpine.df
@@ -30,6 +30,8 @@ RUN apk -U upgrade && apk add --no-cache libc6-compat gcompat libstdc++ openssl
 
 COPY --from=image / /
 
+IMPORT ../_imports/default_nonroot_user_alpine.df
+
 RUN true \
  #
  # Install npm packages
@@ -44,31 +46,24 @@ RUN true \
  #
  # Prepare folders
  && mkdir -p /src /target \
+ && chown -R hugo:hugo /src /target \
  && chmod a+wrx /src /target \
  #
  # add /src to safe.directory
  && git config --global --add safe.directory /src
 
 EXPOSE 1313
 
-IMPORT ../_imports/default_nonroot_user_alpine.df
-
 WORKDIR /src
 
 USER hugo
 
 ENTRYPOINT ["hugo"]
 
-
-
 IMPORT ../_imports/ci.df
 
 IMPORT ../_imports/onbuild.df
 
-IMPORT ../_imports/default_nonroot_user_alpine.df
-
-USER hugo
-
 FROM main
 
 USER hugo
diff --git a/src/docker/alpine-ext/ext-asciidoctor.df b/src/docker/alpine-ext/ext-asciidoctor.df
@@ -2,11 +2,15 @@ FROM ext-alpine AS main
 
 USER root
 
+IMPORT ../_imports/default_nonroot_user_alpine.df
+
 RUN apk -U upgrade && apk --no-cache add asciidoctor \
  && gem install coderay --no-document \
- && find /tmp -mindepth 1 -maxdepth 1 | xargs rm -rf
+ && find /tmp -mindepth 1 -maxdepth 1 | xargs rm -rf \
+ && mkdir -p /src /target \
+ && chown -R hugo:hugo /src /target \
+ && chmod -R a+rwx /src /target
 
-IMPORT ../_imports/default_nonroot_user_alpine.df
 
 IMPORT ../_imports/ci.df
 

diff --git a/src/docker/alpine-ext/ext-pandoc.df b/src/docker/alpine-ext/ext-pandoc.df
@@ -8,8 +8,6 @@ IMPORT ../_imports/ci.df
 
 IMPORT ../_imports/onbuild.df
 
-USER hugo
-
 FROM main
 
 USER hugo
diff --git a/src/docker/alpine/alpine.df b/src/docker/alpine/alpine.df
@@ -17,21 +17,20 @@ ENV HUGO_BIND="0.0.0.0" \
 
 COPY --from=image / /
 USER root
+IMPORT ../_imports/default_nonroot_user_alpine.df
 RUN apk -U upgrade && apk --no-cache add busybox-suid bash bash-completion tzdata make \
  && find /tmp -mindepth 1 -maxdepth 1 | xargs rm -rf \
  && mkdir -p /src /target \
+ && chown -R hugo:hugo /src /target \
  && chmod a+rwx /src /target 
 
 EXPOSE 1313
-IMPORT ../_imports/default_nonroot_user_alpine.df
 WORKDIR /src
 ENTRYPOINT ["hugo"]
 
 IMPORT ../_imports/ci.df
 
 IMPORT ../_imports/onbuild.df
 
-IMPORT ../_imports/default_nonroot_user_alpine.df
-
 FROM main
 USER hugo
diff --git a/src/docker/alpine/asciidoctor.df b/src/docker/alpine/asciidoctor.df
@@ -1,11 +1,10 @@
 FROM alpine AS main
 USER root
+IMPORT ../_imports/default_nonroot_user_alpine.df
 RUN apk -U upgrade && apk --no-cache add asciidoctor \
  && gem install coderay asciidoctor-rouge --no-document \
  && find /tmp -mindepth 1 -maxdepth 1 | xargs rm -rf
 
-IMPORT ../_imports/default_nonroot_user_alpine.df
-
 IMPORT ../_imports/ci.df
 
 IMPORT ../_imports/onbuild.df

diff --git a/src/docker/busybox/Dockerfile b/src/docker/busybox/Dockerfile
@@ -18,7 +18,10 @@ ENV HUGO_BIND="0.0.0.0" \
 
 COPY --from=image / /
 
+IMPORT ../_imports/default_nonroot_user_alpine.df
+
 RUN mkdir -p /src /target \
+ && chown -R hugo:hugo /src /target \
  && chmod a+wrx /src /target
 
 EXPOSE 1313
@@ -32,4 +35,6 @@ IMPORT ../_imports/ci.df
 IMPORT ../_imports/onbuild.df
 
 
-FROM main
+FROM main
+
+USER hugo
diff --git a/src/docker/debian-ext/Dockerfile b/src/docker/debian-ext/Dockerfile
@@ -20,6 +20,8 @@ COPY --from=image / /
 
 USER root
 
+IMPORT ../_imports/default_nonroot_user.df
+
 RUN true \
  #
  # Install software
@@ -53,21 +55,18 @@ RUN true \
  && rm -rf /var/lib/apt/lists/* \
  && find /tmp -mindepth 1 -maxdepth 1 | xargs rm -rf \
  && mkdir -p /src /target \
+ && chown -R hugo:hugo /src /target \
  && chmod a+wrx /src /target \
  #
  # add /src to safe.directory
  && git config --global --add safe.directory /src
 
 COPY --from=base--golang / /
 
-
-
 IMPORT ../_imports/ci.df
 
 IMPORT ../_imports/onbuild.df
 
-IMPORT ../_imports/default_nonroot_user.df
-
 FROM main
 
 USER hugo
diff --git a/src/docker/debian/base.df b/src/docker/debian/base.df
@@ -7,18 +7,20 @@ ENV HUGO_BIND="0.0.0.0" \
     HUGO_ENV="DEV" \
     HOME="/tmp"
 USER root
+IMPORT ../_imports/default_nonroot_user.df
+
 RUN apt update \
  && apt full-upgrade -y \
  && DEBIAN_FRONTEND=noninteractive apt install -y wget bash-completion tzdata make ca-certificates \
  && rm -rf /var/lib/apt/lists/* \
  && find /tmp -mindepth 1 -maxdepth 1 | xargs rm -rf \
  && mkdir -p /src /target \
+ && chown -R hugo:hugo /src /target \
  && chmod a+wrx /src /target
 
 COPY --from=base--files--debian / /
 
 EXPOSE 1313
-IMPORT ../_imports/default_nonroot_user.df
 WORKDIR /src
 USER hugo
 ENTRYPOINT ["hugo"]
diff --git a/src/docker/debian/debian.df b/src/docker/debian/debian.df
@@ -4,12 +4,12 @@ ENV HUGO_EDITION="standard"
 
 COPY --from=base--hugo--standard / /
 
+IMPORT ../_imports/default_nonroot_user.df
+
 IMPORT ../_imports/ci.df
 
 IMPORT ../_imports/onbuild.df
 
-IMPORT ../_imports/default_nonroot_user.df
-
 FROM main
 
 USER hugo
diff --git a/src/docker/ubuntu-ext/Dockerfile b/src/docker/ubuntu-ext/Dockerfile
@@ -20,6 +20,8 @@ COPY --from=image / /
 
 USER root
 
+IMPORT ../_imports/default_nonroot_user.df
+
 RUN true \
  #
  # Install software
@@ -54,21 +56,18 @@ RUN true \
  && rm -rf /var/lib/apt/lists/* \
  && find /tmp -mindepth 1 -maxdepth 1 | xargs rm -rf \
  && mkdir -p /src /target \
+ && chown -R hugo:hugo /src /target \
  && chmod a+wrx /src /target \
  #
  # add /src to safe.directory
  && git config --global --add safe.directory /src
 
 COPY --from=base--golang / /
 
-IMPORT ../_imports/default_nonroot_user.df
-
 IMPORT ../_imports/ci.df
 
 IMPORT ../_imports/onbuild.df
 
-IMPORT ../_imports/default_nonroot_user.df
-
 FROM main
 
 USER hugo
diff --git a/src/docker/ubuntu/base.df b/src/docker/ubuntu/base.df
@@ -11,16 +11,18 @@ COPY --from=base--files--ubuntu / /
 
 USER root
 
+IMPORT ../_imports/default_nonroot_user.df
+
 RUN apt update \
  && apt -y full-upgrade \
  && DEBIAN_FRONTEND=noninteractive apt install -y wget bash-completion tzdata make ca-certificates \
  && rm -rf /var/lib/apt/lists/* \
  && find /tmp -mindepth 1 -maxdepth 1 | xargs rm -rf \
  && mkdir -p /src /target \
+ && chown -R hugo:hugo /src /target \
  && chmod a+wrx /src /target 
 
 EXPOSE 1313
-IMPORT ../_imports/default_nonroot_user.df
 WORKDIR /src
 
 USER hugo

diff --git a/src/docker/ubuntu/ubuntu.df b/src/docker/ubuntu/ubuntu.df
@@ -4,12 +4,12 @@ ENV HUGO_EDITION="standard"
 
 COPY --from=base--hugo--standard / /
 
+IMPORT ../_imports/default_nonroot_user.df
+
 IMPORT ../_imports/ci.df
 
 IMPORT ../_imports/onbuild.df
 
-IMPORT ../_imports/default_nonroot_user.df
-
 FROM main
 
 USER hugo