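# Build-time variables: base-image tags for both stages (override with --build-arg).
# NOTE(review): both defaults are floating tags, so this file can resolve to a
# different base image on every build. For reproducible, auditable builds pass an
# exact version plus digest, e.g. NODE_VERSION=<version>-alpine@sha256:<digest>
# (placeholder, not a real value).
ARG NODE_VERSION=20-alpine
ARG NGINX_VERSION=alpine

# Build stage: install dependencies and produce the static bundle.
# Only /app/dist is copied out of this stage; the Node toolchain and
# node_modules are not copied into the final image.
FROM node:${NODE_VERSION} AS build
WORKDIR /app
# Copy the manifests first so the dependency layer stays cached until they change.
COPY package*.json ./
# npm ci installs from the lockfile and fails if it disagrees with package.json.
RUN npm ci
# NOTE(review): this copies the whole build context. Confirm a .dockerignore
# excludes .git, node_modules, .env files and other secrets (not visible here).
COPY . .
RUN npm run build

# App stage: serve the built files with Nginx as an unprivileged user.
FROM nginx:${NGINX_VERSION} AS app

# The original set org.opencontainers.image.description twice, so the second
# value silently replaced the first. The author now has its own OCI key.
LABEL org.opencontainers.image.description="Project: DevSecOps Pipeline" \
      org.opencontainers.image.authors="Siddhesh N"

# Runtime variables: identity of the service account and the listening port.
# APP_PORT is above 1024, so binding does not need root or extra capabilities.
# NOTE(review): nginx.conf is not visible here; confirm its listen directive
# matches APP_PORT.
ENV USER_NAME=secUser \
    GROUP_NAME=secGroup \
    USER_ID=8754 \
    GROUP_ID=4876 \
    APP_PORT=8080

# Create the service account with fixed UID/GID, then make the directories Nginx
# writes to at runtime owned by it. All paths are absolute: the original used
# "var/log/nginx" (no leading slash), which only resolved correctly while the
# working directory happened to be "/".
# The trailing slash on /var/run/ is kept from the original so that a symlinked
# /var/run is resolved to its target directory before the recursive chown
# (presumably a symlink on this base image - confirm).
# NOTE(review): handing over all of /var/run is broader than a pid file needs;
# a dedicated pid path in nginx.conf would let this be narrowed.
RUN addgroup -g "${GROUP_ID}" -S "${GROUP_NAME}" \
    && adduser -u "${USER_ID}" -S -G "${GROUP_NAME}" "${USER_NAME}" \
    && mkdir -p /var/cache/nginx /var/run/ /var/log/nginx \
    && chown -R "${USER_NAME}:${GROUP_NAME}" /var/cache/nginx /var/run/ /var/log/nginx

# Copy the build output and set ownership in the same layer; a separate
# "RUN chown -R" would store every file a second time.
# NOTE(review): the served files only need to be readable by the service
# account. Leaving them root-owned would stop a compromised worker from
# rewriting the content; ownership is kept as the original had it.
COPY --from=build --chown=${USER_NAME}:${GROUP_NAME} /app/dist /usr/share/nginx/html

# Custom Nginx configuration. It stays root-owned, so the service account can
# read it but not modify it.
COPY nginx.conf /etc/nginx/nginx.conf

# Drop privileges. The numeric UID:GID form lets runtimes that enforce a
# non-root policy (e.g. Kubernetes runAsNonRoot) verify the user without
# resolving a name.
USER ${USER_ID}:${GROUP_ID}

# Documentation only; publishing the port is done at run time.
EXPOSE ${APP_PORT}

# Exec form keeps nginx as PID 1 so it receives stop signals directly.
ENTRYPOINT ["nginx", "-g", "daemon off;"]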