use a non-root user in the container (#35)

khanzadimahdi · web-flow · commit feb5f1e78ed3 · 2025-09-30T09:02:05.000+02:00
* use a non-root user in the container

* rename user and group to app
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,4 @@
+/.github
+/.next
+/.env
+/node_modules
diff --git a/Dockerfile b/Dockerfile
@@ -2,10 +2,17 @@ FROM node:20.18-alpine AS base
 # Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
 RUN apk add --no-cache libc6-compat vips
 WORKDIR /opt/app
+# Create a non-root user and group
+RUN addgroup -g 10001 app \
+    && adduser -u 10000 -g app -S -h /home/app app \
+    && chown -R app:app /opt/app
+# Switch to the non-root user
+USER app:app
 
 FROM base AS install
-COPY . .
-RUN npm install
+COPY --chown=app:app . .
+RUN chown -R app:app /opt/app \
+    && npm clean-install
 
 FROM install AS develop
 EXPOSE 3000

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +/.github
 +/.next
 +/.env
 +/node_modules