chore: make Docker image rootless (#683)

* add first version of rootless docker image * skip user creation if user is already a non root user
2024-12-18 16:08:45 +01:00
parent 168038eae7
commit 6771bfdf50
4 changed files with 42 additions and 6 deletions
--- a/14
+++ b/14
@@ -30,9 +30,12 @@ RUN npm run build && npm prune --production
 FROM node:20-alpine AS runner
 ENV NODE_ENV=docker

+# Delete default node user
+RUN deluser --remove-home node
+
 RUN apk update --no-cache \
    && apk upgrade --no-cache \
-    && apk add --no-cache curl caddy
+    && apk add --no-cache curl caddy su-exec

 WORKDIR /opt/app/frontend
 COPY --from=frontend-builder /opt/app/public ./public
@@ -46,13 +49,14 @@ COPY --from=backend-builder /opt/app/dist ./dist
 COPY --from=backend-builder /opt/app/prisma ./prisma
 COPY --from=backend-builder /opt/app/package.json ./

-COPY ./reverse-proxy /etc/caddy
-COPY ./scripts/docker-entrypoint.sh /opt/app/docker-entrypoint.sh
-
 WORKDIR /opt/app

+COPY ./reverse-proxy /etc/caddy
+COPY ./scripts ./scripts
+
 EXPOSE 3000

 HEALTHCHECK --interval=10s --timeout=3s CMD curl -f http://localhost:3000/api/health || exit 1

-CMD ["sh", "/opt/app/docker-entrypoint.sh"]
+ENTRYPOINT ["sh", "./scripts/docker/create-user.sh"]
+CMD ["sh", "./scripts/docker/entrypoint.sh"]