jwillmer · September 7, 2022 11:24
diff --git a/Dockerfile b/Dockerfile
 FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim as base

 RUN apt-get update \
    && apt-get install -y --no-install-recommends libcap2-bin \
    && rm -rf /var/lib/apt/lists/*

 # Allow binding to port 80 and 443 for non root user
 RUN setcap 'cap_net_bind_service=+ep' /usr/share/dotnet/dotnet
 
 # Create maranics group and user
 RUN groupadd --system --gid 999 --non-unique maranics
 RUN useradd --system --uid 999 --gid 999 --shell $(which bash) maranics
 WORKDIR /app
 RUN chown maranics:maranics /app
 EXPOSE 80



 FROM mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim AS backend-build

 WORKDIR /app
 RUN dotnet restore ...
 RUN dotnet test ...
 RUN dotnet publish ...



 FROM base AS final
 COPY --chown=maranics:maranics --from=backend-build /publish/ /app/
 USER maranics:maranics
 # upload folder needs to exist before mounting a volume or the volume will set owner to root
 RUN mkdir wwwroot/uploads
 ENTRYPOINT ["dotnet", "*****.dll"]
	FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim as base

	RUN apt-get update \
	&& apt-get install -y --no-install-recommends libcap2-bin \
	&& rm -rf /var/lib/apt/lists/*

	# Allow binding to port 80 and 443 for non root user
	RUN setcap 'cap_net_bind_service=+ep' /usr/share/dotnet/dotnet

	# Create maranics group and user
	RUN groupadd --system --gid 999 --non-unique maranics
	RUN useradd --system --uid 999 --gid 999 --shell $(which bash) maranics
	WORKDIR /app
	RUN chown maranics:maranics /app
	EXPOSE 80



	FROM mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim AS backend-build

	WORKDIR /app
	RUN dotnet restore ...
	RUN dotnet test ...
	RUN dotnet publish ...



	FROM base AS final
	COPY --chown=maranics:maranics --from=backend-build /publish/ /app/
	USER maranics:maranics
	# upload folder needs to exist before mounting a volume or the volume will set owner to root
	RUN mkdir wwwroot/uploads
	ENTRYPOINT ["dotnet", "*****.dll"]