build: non-root USER, curl HEALTHCHECK, Nexus healthcheck in compose

2026-05-11 22:33:20 +03:00
parent 56786c7aef
commit 4834fd1621
2 changed files with 13 additions and 2 deletions
--- a/9
+++ b/9
@@ -15,13 +15,18 @@ RUN uv pip install --system "guarddog>=2.10.0"

 RUN mkdir -p /data /tmp/guarddog-nexus

+RUN groupadd -r app && useradd -r -g app app && \
+    chown -R app:app /app /data /tmp/guarddog-nexus
+
+USER app
+
 ENV DATABASE_PATH=/data/guarddog.db
 ENV TEMP_DIR=/tmp/guarddog-nexus
 ENV PYTHONDONTWRITEBYTECODE=1

 EXPOSE 8080

-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-    CMD python -c "from urllib.request import urlopen; urlopen('http://localhost:8080/health')"
+HEALTHCHECK --interval=30s --timeout=3s --start-period=15s --retries=3 \
+    CMD curl -sf http://localhost:8080/health/dependencies || exit 1

 CMD ["python", "-m", "guarddog_nexus.main"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -32,6 +32,12 @@ services:
    volumes:
      - nexus-data:/nexus-data
    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-sf", "http://localhost:8081/service/rest/v1/status"]
+      interval: 15s
+      timeout: 5s
+      start_period: 60s
+      retries: 10

  nexus-setup:
    image: alpine:3.21