Container as non root and read only#81
Conversation
This make the change non breaking if user do not mark container as read_only
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #81 +/- ##
==========================================
- Coverage 99.52% 99.30% -0.23%
==========================================
Files 5 6 +1
Lines 211 286 +75
Branches 29 58 +29
==========================================
+ Hits 210 284 +74
- Misses 1 2 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This reverts commit 8116eb6.
|
Unfortunately, |
| - `TIMEZONE`: Timezone for the cron job (default: `Etc/UTC`) | ||
| - `RUN_ON_START`: Whether to run the sync on startup (default: `false`) - Please note that when setting this to `true`, you may get a notice email from SimpleFin (if you use that service), as they expect only a bank sync once a day. | ||
| - `ENFORCE_READ_ONLY`: Optional hard-fail toggle for writable container root filesystems. Set `true` to enforce now (default: `false` for compatibility). | ||
| - `ACTUAL_DATA_DIR`: Deprecated legacy data directory override. Kept for compatibility only and planned for removal in the next major release. |
There was a problem hiding this comment.
I introduced this env variable in this MR. you could remove it instead of deprecating it.
There was a problem hiding this comment.
ah yeah, i think we can ignore this and always use /data inside the container
I don't see why we would need to change this. I will look at removing this in this PR.
There was a problem hiding this comment.
I added ACTUAL_DATA_DIR because I did not want local tests to write to my host computer /data.
2 participants
Add an env variable
ACTUAL_DATA_DIRto customize where the data is written.User can mount this directory and make the container read only.
Process node is run as node user (uid=1000, gid=1000).
Possible improvement
Close #79