Merge pull request #38 from hyperledger/fix/dockerfile

alex-semenyuk · web-flow · commit 9d47365d0bd0 · 2024-04-29T18:48:18.000+05:00
Create a non-root user for a docker container
diff --git a/.dockerignore b/.dockerignore
@@ -1,3 +1,6 @@
 # IDE configs
 .vscode
-.idea
+.idea
+
+# Compiled output
+firefly-tezosconnect
diff --git a/Dockerfile b/Dockerfile
@@ -2,8 +2,12 @@ FROM golang:1.21-alpine3.19 AS builder
 RUN apk add make
 ARG BUILD_VERSION
 ENV BUILD_VERSION=${BUILD_VERSION}
-ADD . /tezosconnect
+ADD --chown=1001:0 . /tezosconnect
 WORKDIR /tezosconnect
+RUN mkdir /.cache \
+    && chgrp -R 0 /.cache \
+    && chmod -R g+rwX /.cache
+USER 1001
 RUN make
 
 # Copy the migrations from FFTM down into our local migrations directory
@@ -12,13 +16,16 @@ RUN DB_MIGRATIONS_DIR=$(go list -f '{{.Dir}}' github.com/hyperledger/firefly-tra
 
 FROM debian:buster-slim
 WORKDIR /tezosconnect
+RUN chgrp -R 0 /tezosconnect \
+    && chmod -R g+rwX /tezosconnect
 RUN apt update -y \
  && apt install -y curl jq \
  && rm -rf /var/lib/apt/lists/* \
  && curl -sL "https://github.com/golang-migrate/migrate/releases/download/$(curl -sL https://api.github.com/repos/golang-migrate/migrate/releases/latest | jq -r '.name')/migrate.linux-amd64.tar.gz" | tar xz \
  && chmod +x ./migrate \
  && mv ./migrate /usr/bin/migrate
-COPY --from=builder /tezosconnect/firefly-tezosconnect /usr/bin/tezosconnect
-COPY --from=builder /tezosconnect/db/ /tezosconnect/db/
+COPY --from=builder --chown=1001:0 /tezosconnect/firefly-tezosconnect /usr/bin/tezosconnect
+COPY --from=builder --chown=1001:0 /tezosconnect/db/ /tezosconnect/db/
+USER 1001
 
 ENTRYPOINT [ "/usr/bin/tezosconnect" ]
