mirror of https://github.com/stonith404/pingvin-share.git synced 2025-01-15 01:14:27 -05:00

Run docker container as non root user (#242)

* Run docker container as non root user

* Pass UID and GID as a variable + alpine-based image

* change apt-get to apk

* chore: remove unnecessary packages from Dockerfile

* chore: remove unnecessary `chown`

---------

Co-authored-by: Elias Schneider <login@eliasschneider.com>
adriadam10 2023-09-11 16:14:42 +02:00 committed by GitHub
parent 3d76e41cd8
commit 3f1d3b7833
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,27 +1,24 @@
# Using node slim because prisma ORM needs libc for ARM builds
# Stage 1: on frontend dependency change # Stage 1: on frontend dependency change
FROM node:19-slim AS frontend-dependencies FROM node:19-alpine AS frontend-dependencies
WORKDIR /opt/app WORKDIR /opt/app
COPY frontend/package.json frontend/package-lock.json ./ COPY frontend/package.json frontend/package-lock.json ./
RUN npm ci RUN npm ci
# Stage 2: on frontend change # Stage 2: on frontend change
FROM node:19-slim AS frontend-builder FROM node:19-alpine AS frontend-builder
WORKDIR /opt/app WORKDIR /opt/app
COPY ./frontend . COPY ./frontend .
COPY --from=frontend-dependencies /opt/app/node_modules ./node_modules COPY --from=frontend-dependencies /opt/app/node_modules ./node_modules
RUN npm run build RUN npm run build
# Stage 3: on backend dependency change # Stage 3: on backend dependency change
FROM node:19-slim AS backend-dependencies FROM node:19-alpine AS backend-dependencies
WORKDIR /opt/app WORKDIR /opt/app
COPY backend/package.json backend/package-lock.json ./ COPY backend/package.json backend/package-lock.json ./
RUN npm ci RUN npm ci
# Stage 4:on backend change # Stage 4:on backend change
FROM node:19-slim AS backend-builder FROM node:19-alpine AS backend-builder
RUN apt-get update && apt-get install -y openssl
WORKDIR /opt/app WORKDIR /opt/app
COPY ./backend . COPY ./backend .
COPY --from=backend-dependencies /opt/app/node_modules ./node_modules COPY --from=backend-dependencies /opt/app/node_modules ./node_modules
@ -29,9 +26,14 @@ RUN npx prisma generate
RUN npm run build && npm prune --production RUN npm run build && npm prune --production
# Stage 5: Final image # Stage 5: Final image
FROM node:19-slim AS runner FROM node:19-alpine AS runner
ENV NODE_ENV=docker ENV NODE_ENV=docker
RUN apt-get update && apt-get install -y curl openssl
ARG UID=1000
ARG GID=1000
RUN deluser node
RUN adduser -u $UID -g $GID node -D
USER node
WORKDIR /opt/app/frontend WORKDIR /opt/app/frontend
COPY --from=frontend-builder /opt/app/public ./public COPY --from=frontend-builder /opt/app/public ./public
@ -46,8 +48,9 @@ COPY --from=backend-builder /opt/app/prisma ./prisma
COPY --from=backend-builder /opt/app/package.json ./ COPY --from=backend-builder /opt/app/package.json ./
WORKDIR /opt/app WORKDIR /opt/app
EXPOSE 3000 EXPOSE 3000
HEALTHCHECK --interval=10s --timeout=3s CMD curl -f http://localhost:3000/api/health || exit 1 HEALTHCHECK --interval=10s --timeout=3s CMD curl -f http://localhost:3000/api/health || exit 1
# HOSTNAME=0.0.0.0 fixes https://github.com/vercel/next.js/issues/51684. It can be removed as soon as the issue is fixed # HOSTNAME=0.0.0.0 fixes https://github.com/vercel/next.js/issues/51684. It can be removed as soon as the issue is fixed
CMD cp -rn /tmp/img /opt/app/frontend/public && HOSTNAME=0.0.0.0 node frontend/server.js & cd backend && npm run prod CMD cp -rn /tmp/img /opt/app/frontend/public && HOSTNAME=0.0.0.0 node frontend/server.js & cd backend && npm run prod
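Review bot: In the runner stage, `adduser -u $UID -g $GID node -D` does not set the group, because BusyBox `adduser` on Alpine treats `-g` as the GECOS (comment) field and `-G` as the group name; a custom `GID` build argument is therefore silently ignored and the group ID is whatever `adduser` picks. Create the group explicitly and attach the user to it, e.g. `RUN deluser node && addgroup -g "$GID" node && adduser -u "$UID" -G node -D node`, so that files on bind-mounted volumes get the ownership the operator asked for. The unchanged `HEALTHCHECK` still calls `curl`, while the only line that installed it (`apt-get install -y curl openssl`) appears to be dropped and the Alpine base presumably does not ship it; if so the container will always report unhealthy, so either add `RUN apk add --no-cache curl` before `USER node` or switch the probe to BusyBox `wget`. The lines between the hunks are not shown, so it is also worth checking that the `COPY --from` steps after `USER node` leave `/opt/app/frontend/public` writable for the `cp -rn` in `CMD`.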