feat: updated dokcer image to rootless

BattermanZ · BattermanZ · commit 37e67c364e32 · 2026-01-15T17:31:06.000+01:00
diff --git a/.dockerignore b/.dockerignore
@@ -12,6 +12,11 @@ backups/
 
 # Documentation (excluding LICENSE)
 README.md
+WORKFLOW.md
+AGENTS.md
+
+# Repo metadata not needed for build context
+LICENSE
 
 # IDE and editor files
 .idea/
@@ -21,4 +26,4 @@ README.md
 
 # We don't need the Dockerfile itself in the build context
 Dockerfile
-.dockerignore
+.dockerignore
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Stage 1: Builder using cargo-chef for dependency caching
-FROM rust:1.88-slim-bookworm AS chef
+FROM rust:1.92-slim-bookworm AS chef
 WORKDIR /app
 
 # Install build dependencies
@@ -28,7 +28,7 @@ RUN cargo build --release
 
 # Stage 4: Final image
 # Use a distroless image for a smaller and more secure final image
-FROM gcr.io/distroless/cc-debian12
+FROM gcr.io/distroless/cc-debian13:nonroot
 WORKDIR /app
 
 # Copy the compiled binary from the builder stage
@@ -42,4 +42,4 @@ ENV LOG_CONFIG_PATH=log4rs.docker.yaml
 
 # Set the entrypoint for the application
 # The application is responsible for creating 'logs' and 'backups' directories if they are needed.
-ENTRYPOINT ["./flaresync"]
+ENTRYPOINT ["./flaresync"]
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ FlareSync is a lightweight Rust application that automatically updates your Clou
 - **Multiple Domain Support:** You can now specify multiple domain names to be updated. In your `.env` file, list them as a comma-separated string for the `DOMAIN_NAME` variable (e.g., `DOMAIN_NAME=example.com,sub.example.com`).
 - **Major Refactoring:** The codebase has been significantly refactored for better readability, maintainability, and performance.
 - **Docker-Compatible Logs:** Logging is now directed to stdout, making it easy to monitor using `docker logs`.
-- **Modern Toolchain:** The project now uses Rust 1.88 and has all dependencies updated to their latest versions for improved performance and security.
+- **Modern Toolchain:** The project now uses Rust 1.92 and has all dependencies updated to their latest versions for improved performance and security.
 
 
 ## Disclaimer
@@ -18,6 +18,7 @@ This application was developed using AI. Please note that while AI tools help ac
 - Asynchronous operation powered by `tokio` for efficiency.
 - Detailed and structured logging with `log4rs`.
 - Dockerised for easy deployment.
+- For improved security, the official Docker image is distroless and runs rootless (non-root).
 - Backup of DNS records before updates.
 - Retry mechanism with exponential backoff for improved reliability.
 
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,8 +2,9 @@ services:
   flaresync:
     image: battermanz/flaresync:latest
     container_name: flaresync
+    user: "1000:1000"
     env_file:
       - .env
     volumes:
       - ./backups:/app/backups
-    restart: unless-stopped
+    restart: unless-stopped
