Skip to content

Commit d95734b

Browse files
erikwebberikwebb
committed
Do not run Terminus container as root user
1 parent 08ad26c commit d95734b

File tree

1 file changed

+12
-1
lines changed

1 file changed

+12
-1
lines changed

Dockerfile

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,12 @@
22
FROM php:8.2-cli AS build
33

44
# Install dependencies for building PHAR
5-
RUN apt-get update && apt-get install -y git unzip wget && rm -rf /var/lib/apt/lists/*
5+
RUN apt-get update && \
6+
apt-get install --no-install-recommends -y \
7+
git \
8+
unzip \
9+
wget && \
10+
rm -rf /var/lib/apt/lists/*
611

712
# Install Composer
813
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
@@ -24,6 +29,12 @@ RUN ./scripts/phar_build.sh
2429
# --- Runtime Layer ---
2530
FROM php:8.2-cli-alpine
2631

32+
# Create a non-root user and group
33+
RUN addgroup -S terminus && adduser -S terminus -G terminus
34+
35+
# Switch to non-root user
36+
USER terminus
37+
2738
WORKDIR /app
2839

2940
# Copy Git

0 commit comments

Comments
 (0)