Merge pull request #337 from TapEnvy-us-LLC/feature/309-docker-as-non…

…-root Adjust Docker to run as non-root user.
electerious · May 29, 2022 · 9b7aaf5 · 9b7aaf5
2 parents 8fcd451 + b5e611f
commit 9b7aaf5
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,11 @@
 # Start with first build stage
 
 FROM node:14-alpine AS build
+
+# Add and set user to ackee. Disable the password and do not create a home folder.
+RUN adduser -D ackee ackee
+USER ackee
+
 WORKDIR /srv/app/
 
 # Add dependencies first so that Docker can use the cache as long as the dependencies stay unchanged
@@ -24,6 +29,12 @@ WORKDIR /srv/app/
 
 COPY --from=build /srv/app/ /srv/app/
 
+# Create User/Group to run as and change ownership of files
+RUN adduser -D ackee ackee && chown -R ackee:ackee /srv/app
+
+# Adjust to run as the new user
+USER ackee
+
 # Run healthcheck against MongoDB, server and API.
 # Wait a bit before start to ensure the `yarn build` is done.
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -18,4 +18,4 @@ services:
     container_name: mongo
     restart: always
     volumes:
-      - ./data:/data/db
+      - ./data:/data/db