mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-09 20:21:53 +01:00
6f335bdb1a
This change involves using non-root user to run the process of the docker images. Also made update in Dockerfile to make the containers support "read-only" and introduce "HEALTHCHECK". Note the "read-only" options are not enabled in docker-compose, to cover the very corner case when user wants to update the container filesystem manually. Remove read only option from docker-compose template by default
20 lines
387 B
Bash
20 lines
387 B
Bash
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
if [ -d /etc/registry ]; then
|
|
chown 10000:10000 -R /etc/registry
|
|
fi
|
|
if [ -d /var/lib/registry ]; then
|
|
chown 10000:10000 -R /var/lib/registry
|
|
fi
|
|
if [ -d /storage ]; then
|
|
chown 10000:10000 -R /storage
|
|
fi
|
|
case "$1" in
|
|
*.yaml|*.yml) set -- registry serve "$@" ;;
|
|
serve|garbage-collect|help|-*) set -- registry "$@" ;;
|
|
esac
|
|
|
|
sudo -E -u \#10000 "$@"
|