feat(docker): run docker as non root user

CorentinTh · Aug 28, 2024 · 8e2ab68 · 8e2ab68
1 parent 541bd2a
commit 8e2ab68
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -11,7 +11,7 @@ COPY packages/app-client/package.json packages/app-client/package.json
 COPY packages/app-server/package.json packages/app-server/package.json
 
 # Install pnpm
-RUN npm install -g pnpm && pnpm install --frozen-lockfile --ignore-scripts
+RUN npm install -g pnpm --ignore-scripts && pnpm install --frozen-lockfile --ignore-scripts
 
 # Copy the entire app
 COPY . .
@@ -22,12 +22,21 @@ RUN pnpm --filter @enclosed/app-client run build && pnpm --filter @enclosed/app-
 # Production image 
 FROM node:22-alpine
 
+# Create a non-root user and group
+RUN addgroup -S nonroot && adduser -S nonroot -G nonroot
+
 WORKDIR /app
 
 # Copy the built apps
 COPY --from=builder /app/packages/app-client/dist ./public
 COPY --from=builder /app/packages/app-server/dist-node/index.cjs ./index.cjs
 
+# Change the owner of the app directory
+RUN chown -R nonroot:nonroot /app
+
+# Change the user to nonroot
+USER nonroot
+
 EXPOSE 8787
 
 CMD ["node", "index.cjs"]