fix: run docker image as non-root (#795)

* do not use apk update explicitly
* change user root to node
Stephan Müller 2019-03-30 01:45:31 +01:00 committed by Nicolas Giard
parent cce466e8f5
commit 16d88a7c7a


@ -3,9 +3,7 @@
# ==================== # ====================
FROM node:10.15-alpine AS assets FROM node:10.15-alpine AS assets
RUN apk update && \ RUN apk add yarn g++ make python --no-cache
apk add yarn g++ make python --no-cache && \
rm -rf /var/cache/apk/*
WORKDIR /wiki WORKDIR /wiki
@ -28,22 +26,23 @@ RUN yarn --production --frozen-lockfile --non-interactive
FROM node:10.15-alpine FROM node:10.15-alpine
LABEL maintainer="requarks.io" LABEL maintainer="requarks.io"
RUN apk update && \ RUN apk add bash curl git openssh gnupg sqlite --no-cache && \
apk add bash curl git openssh gnupg sqlite --no-cache && \
rm -rf /var/cache/apk/* && \
mkdir -p /wiki && \ mkdir -p /wiki && \
mkdir -p /logs mkdir -p /logs && \
chown -R node:node /wiki /logs
WORKDIR /wiki WORKDIR /wiki
COPY --from=assets /wiki/assets ./assets COPY --chown=node:node --from=assets /wiki/assets ./assets
COPY --from=assets /wiki/node_modules ./node_modules COPY --chown=node:node --from=assets /wiki/node_modules ./node_modules
COPY ./server ./server COPY --chown=node:node ./server ./server
COPY --from=assets /wiki/server/views ./server/views COPY --chown=node:node --from=assets /wiki/server/views ./server/views
COPY ./dev/build/config.yml ./config.yml COPY --chown=node:node ./dev/build/config.yml ./config.yml
COPY ./dev/docker-common/wait.sh ./wait.sh COPY --chown=node:node ./dev/docker-common/wait.sh ./wait.sh
COPY ./package.json ./package.json COPY --chown=node:node ./package.json ./package.json
COPY ./LICENSE ./LICENSE COPY --chown=node:node ./LICENSE ./LICENSE
USER node
EXPOSE 3000 EXPOSE 3000
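Review bot: Every `COPY` in the release stage now carries `--chown=node:node` and `/wiki` is chowned recursively, so the account the service runs as after `USER node` owns and can rewrite `./server` and `./node_modules`. Dropping root limits what a compromised process can do to the container, but it can still modify its own code; unless the application has to write into those paths (not visible in this hunk), leave `--chown` off the code copies so they stay root-owned and grant `node` only the directories it must write, e.g. `chown node:node /logs`. Separately, `USER node` is a name, which Kubernetes `runAsNonRoot` cannot verify; a numeric form such as `USER 1000` (the uid the official node image is expected to give `node`; confirm for this tag) avoids that. Existing deployments that mount root-owned volumes or config files over `/wiki` or `/logs` will need their ownership adjusted once the container stops running as root.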