🔀 Merge pull request #495 from Singebob/master

Add group and user in dockerfile to run container as unprivileged
Fixes #340
Thank you @Singebob
Alicia Sykes 2022-02-19 21:45:16 +00:00 committed by GitHub
commit 5aff97a09e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 5 deletions


@ -30,16 +30,32 @@ FROM node:16.13.2-alpine
# Define some ENV Vars
ENV PORT=80 \
DIRECTORY=/app \
IS_DOCKER=true
IS_DOCKER=true \
USER=docker \
UID=12345 \
GID=23456
# Install tini for initialization and tzdata for setting timezone
RUN apk add --no-cache tzdata tini \
# Add group
&& addgroup --gid ${GID} "${USER}" \
# Add user
&& adduser \
--disabled-password \
--ingroup "${USER}" \
--gecos "" \
--home "${DIRECTORY}" \
--no-create-home \
--uid "$UID" \
"$USER"
USER ${USER}
# Create and set the working directory
WORKDIR ${DIRECTORY}
# Install tini for initialization and tzdata for setting timezone
RUN apk add --no-cache tzdata tini
# Copy built application from build phase
COPY --from=BUILD_IMAGE /app ./
COPY --from=BUILD_IMAGE --chown=${USER}:${USER} /app ./
# Finally, run start command to serve up the built application
ENTRYPOINT [ "/sbin/tini", "--" ]
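Review bot: `USER ${USER}` drops root while the context line `ENV PORT=80` is left unchanged, so the process now has to bind a port below 1024 as an unprivileged user. Recent Docker Engine releases permit that by default, but Kubernetes and other runtimes that do not lower `ip_unprivileged_port_start` will refuse the bind; a default above 1023 (for example `PORT=8080`, with published-port mappings adjusted) removes that dependency. Writing the switch numerically, `USER ${UID}:${GID}`, also lets an orchestrator's run-as-non-root check verify the account, which it cannot do for the name `docker`. `COPY --chown=${USER}:${USER}` makes the whole application tree writable by the runtime user; if only some paths need writes, narrowing ownership to those would keep the served code read-only to the process. The stage's start command lies outside the hunk, so which paths it writes cannot be confirmed from here.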