From 1b88e428aebf0207e3e5c900d400914d9ee199a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=B6=99=E5=AD=90=E8=B3=A2?= Date: Sun, 24 May 2026 01:30:05 +0800 Subject: [PATCH] feat(docker): non-root user + ENTRYPOINT (#222) Closes #221. - Run as non-root using an Alpine system account (UID auto-assigned from the 100-999 system range, referenced by name to avoid hard-coding). - Replace CMD with ENTRYPOINT so args passed to `docker run` flow through to the deeplx binary. - EXPOSE 1188 for documentation. --- Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 67fe07a..7ae590b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,5 +6,8 @@ RUN CGO_ENABLED=0 go build -a -installsuffix cgo -o deeplx . FROM alpine:latest WORKDIR /app -COPY --from=builder /go/src/github.com/OwO-Network/DeepLX/deeplx /app/deeplx -CMD ["/app/deeplx"] +RUN addgroup -S deeplx && adduser -h /app -G deeplx -SH deeplx +USER deeplx:deeplx +COPY --from=builder --chown=deeplx:deeplx /go/src/github.com/OwO-Network/DeepLX/deeplx /app/deeplx +EXPOSE 1188 +ENTRYPOINT ["/app/deeplx"]