talexander/organic
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Switch to using read-only root in docker containers.
All checks were successful
rustfmt Build rustfmt has succeeded
Details
rust-test Build rust-test has succeeded
Details
rust-build Build rust-build has succeeded
Details

Browse Source
This commit is contained in:
Tom Alexander
2023-08-31 21:23:51 -04:00
parent 80d77ff5d6
commit a40a504f94
7 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker/organic_build/Makefile
View File

@@ -30,8 +30,8 @@ endif
# NOTE: This target will write to folders underneath the git-root
.PHONY: run
run: build
docker run --rm --init -v "$$(readlink -f ../../):/source" --workdir=/source --mount source=cargo-cache,target=/usr/local/cargo/registry $(IMAGE_NAME)
docker run --rm --init --read-only --mount type=tmpfs,destination=/tmp -v "$$(readlink -f ../../):/source" --workdir=/source --mount source=cargo-cache,target=/usr/local/cargo/registry $(IMAGE_NAME)
.PHONY: shell
shell: build
docker run --rm -i -t --entrypoint /bin/sh -v "$$(readlink -f ../../):/source" --workdir=/source --mount source=cargo-cache,target=/usr/local/cargo/registry $(IMAGE_NAME)
docker run --rm -i -t --entrypoint /bin/sh --mount type=tmpfs,destination=/tmp -v "$$(readlink -f ../../):/source" --workdir=/source --mount source=cargo-cache,target=/usr/local/cargo/registry $(IMAGE_NAME)