From fb6d05b881a7f0571acf11301ac66e1ec4121f2d Mon Sep 17 00:00:00 2001 From: Dino Rodriguez Date: Fri, 12 Jun 2020 17:55:22 -0400 Subject: [PATCH] fix: non-root user in Dockerfile (#496) * fix: non-root user in Dockerfile * fix: add user * fix: change commands to work for alpine --- Dockerfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 71277617..dfc9d411 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,14 +10,18 @@ WORKDIR /opt/payid COPY . . +# create a group and user +RUN addgroup -S appgroup && adduser -S appuser -G appgroup + # postgresql-client is needed if/when we run "wait-for-postgres.sh" (in ./scripts) to make sure Postgres is ready to execute SQL scripts. RUN apk --no-cache add postgresql-client~=12 &&\ npm cache clean --force &&\ npm install &&\ - npm run build &&\ - ls -al /opt/payid/build/ &&\ - ls -al /opt/payid/build/src + npm run build EXPOSE 8080 8081 -CMD ["node", "/opt/payid/build/src/index.js"] \ No newline at end of file +# run all future commands as this user +USER appuser + +CMD ["node", "/opt/payid/build/src/index.js"]