From a8b4d1ac2a17ec57b945e35b1dd59cc6e8fba759 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergio=20Sacrist=C3=A1n?=
Date: Tue, 8 Oct 2024 05:12:21 +0200
Subject: [PATCH] feat: Improvement- use non root user for Web container (#8928)
---
 web/Dockerfile | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/web/Dockerfile b/web/Dockerfile
index 48bdb2301a..29f7675f4a 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -46,21 +46,27 @@ ENV TZ=UTC
 RUN ln -s /usr/share/zoneinfo/${TZ} /etc/localtime \
 && echo ${TZ} > /etc/timezone
-# global runtime packages
-RUN yarn global add pm2 \
- && yarn cache clean
 WORKDIR /app/web
 COPY --from=builder /app/web/public ./public
 COPY --from=builder /app/web/.next/standalone ./
 COPY --from=builder /app/web/.next/static ./.next/static
-
 COPY docker/pm2.json ./pm2.json
 COPY docker/entrypoint.sh ./entrypoint.sh
+
+# global runtime packages
+RUN yarn global add pm2 \
+ && yarn cache clean \
+ && mkdir /.pm2 \
+ && chown -R 1001:0 /.pm2 /app/web \
+ && chmod -R g=u /.pm2 /app/web
+
+
 ARG COMMIT_SHA
 ENV COMMIT_SHA=${COMMIT_SHA}
+USER 1001
 EXPOSE 3000
 ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]
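Review bot: The `chown -R 1001:0 /.pm2 /app/web` and `chmod -R g=u /.pm2 /app/web` steps in the new RUN make the entire application tree writable by the runtime UID and by group 0, so the process started under `USER 1001` can rewrite the server code and static assets it serves. Dropping root is the right direction, but least privilege would keep `/app/web` root-owned and read-only and grant write access only where it is needed at runtime, e.g. `&& chown -R 1001:0 /.pm2 \` followed by `&& chmod -R g=u /.pm2`, plus any cache directory the app is confirmed to write (not visible in this hunk). The recursive chown after the COPY steps also duplicates those files in a new layer; `COPY --chown=1001:0` avoids that wherever ownership really is required. `/.pm2` is presumably found only because HOME resolves to `/` for a UID with no passwd entry, so a comment or an explicit `ENV PM2_HOME=/.pm2` would make that dependency visible. The stage's FROM line is outside the hunk, so the base image and its existing users cannot be checked here.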