docker-dotnet/dockerfiles/sdk.Dockerfile
Mathias Beaulieu-Duncan 74bb1f6070 Run SDK image as nonroot (UID 65532) for Docker Scout compliance
- apko/sdk.yaml: run-as 65532, create /home/nonroot and /app owned by nonroot
- sdk.Dockerfile: USER 65532, set HOME and DOTNET_CLI_HOME to /home/nonroot
- README/DOCKERHUB: update examples to use COPY --chown=nonroot and /app/publish

dotnet restore writes NuGet cache to $DOTNET_CLI_HOME/.nuget/packages
which is now /home/nonroot/.nuget/packages — no root needed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 15:39:51 -05:00

FROM scratch
ARG TARGETARCH
ADD build-${TARGETARCH}/sdk/rootfs.tar.gz /
COPY dotnet-${TARGETARCH}/sdk/ /usr/share/dotnet/
ENV DOTNET_ROOT=/usr/share/dotnet
ENV PATH="/usr/share/dotnet:${PATH}"
ENV DOTNET_RUNNING_IN_CONTAINER=true
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
ENV HOME=/home/nonroot
ENV DOTNET_CLI_HOME=/home/nonroot
WORKDIR /app
USER 65532
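
A check that could gate this file in CI, written as an added example (not code from this repository): it reads a Dockerfile and reports whether the final stage ends as a numeric non-root user with HOME and DOTNET_CLI_HOME set outside root's home. The function names are hypothetical, and it assumes single-line instructions, ENV in KEY=value form, and that only settings made in the file itself count (base-image defaults are not inspected).

```python
import re

# The Dockerfile from this page, embedded so the check runs offline.
SDK_DOCKERFILE = """\
FROM scratch
ARG TARGETARCH
ADD build-${TARGETARCH}/sdk/rootfs.tar.gz /
COPY dotnet-${TARGETARCH}/sdk/ /usr/share/dotnet/
ENV DOTNET_ROOT=/usr/share/dotnet
ENV PATH="/usr/share/dotnet:${PATH}"
ENV DOTNET_RUNNING_IN_CONTAINER=true
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
ENV HOME=/home/nonroot
ENV DOTNET_CLI_HOME=/home/nonroot
WORKDIR /app
USER 65532
"""

def final_stage(dockerfile):
    """Return (user, env) in effect at the end of the last build stage."""
    user, env = None, {}
    for raw in dockerfile.splitlines():
        instr, _, rest = raw.strip().partition(" ")
        instr, rest = instr.upper(), rest.strip()
        if instr == "FROM":      # new stage: count only what the file sets after it
            user, env = None, {}
        elif instr == "USER":
            user = rest
        elif instr == "ENV":     # KEY=value pairs only (assumption)
            for key, value in re.findall(r'(\w+)=("[^"]*"|\S*)', rest):
                env[key] = value.strip('"')
    return user, env

def nonroot_findings(dockerfile):
    """List reasons the final stage would not run cleanly as a non-root user."""
    user, env = final_stage(dockerfile)
    uid = (user or "").split(":")[0]          # drop an optional :group suffix
    findings = []
    if uid in ("", "root") or (uid.isdigit() and int(uid) == 0):
        findings.append("final stage runs as root")
    elif not uid.isdigit():
        findings.append(f"USER {uid} is a name, not a numeric UID")
    for name in ("HOME", "DOTNET_CLI_HOME"):
        value = env.get(name)
        if value is None:
            findings.append(f"{name} is not set")
        elif value == "/root" or value.startswith("/root/"):
            findings.append(f"{name}={value} is inside root's home")
    return findings
```

An empty list from `nonroot_findings` means the file passes; a CI job can fail the build on any non-empty result.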