From 8560efd2eb5396f1ebd7a032e830828379ef058c Mon Sep 17 00:00:00 2001
From: Zusier
Date: Wed, 16 Mar 2022 00:20:27 +0000
Subject: [PATCH] Run as rootless user & improve build cache

---
 Dockerfile | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ca73b36..87d5e1d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,14 +9,14 @@ FROM node:16.14.0
 # Set working directory
 WORKDIR /opt/ass/

-# Copy directory files (config.json, source files etc.)
-COPY . ./
+# create rootless user with uid/gid as 1000
+RUN groupadd -g 1000 -o ass && useradd -m -u 1000 -g 1000 -o -s /bin/bash ass

-# Update npm to at least npm 8,
-# then install dependencies
-RUN npm i -g npm@8 typescript && \
- npm i --save-dev && \
- npm run build
+# Set permissions for rootless user
+RUN chown -R ass /opt/ass/ && chmod -R 774 /opt/ass/
+
+# run container as previously created user
+USER ass

 # Ensure these directories & files exist for compose volumes
 RUN mkdir -p /opt/ass/uploads/thumbnails/ && \
@@ -25,5 +25,14 @@ RUN mkdir -p /opt/ass/uploads/thumbnails/ && \
 touch /opt/ass/auth.json && \
 touch /opt/ass/data.json

+# Copy directory files (config.json, source files etc.)
+COPY . ./
+
+# Update npm to at least npm 8, then install dependencies
+RUN npm i -g npm@8 typescript && \
+ npm i --save-dev && \
+ npm run build && \
+ chown -R ass /usr/local/bin/npm
+
 # Start ass
 CMD npm start
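Review bot: The recursive `chown -R ass /opt/ass/ && chmod -R 774 /opt/ass/` in the first hunk runs right after WORKDIR, before anything has been copied in (this commit moves `COPY . ./` into the next hunk), so it only changes the still-empty directory and does not cover the application files. Mode 774 also gives others read access without the search bit on the directory, and would set the execute bit on every regular file if it were ever applied to content. If no other account needs access, `RUN chown ass:ass /opt/ass/ && chmod 750 /opt/ass/` states the intent more tightly. The `-o` flags on `groupadd`/`useradd` permit a duplicate ID, and the official node images already assign UID/GID 1000 to their `node` user, so the comment above that line should say the overlap is deliberate, for example `# uid/gid 1000 duplicates the base image's node user, hence -o`.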
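Review bot: The build `RUN` added in the second hunk executes after `USER ass` from the first hunk, so `npm i -g npm@8 typescript` (which writes under /usr/local) and `chown -R ass /usr/local/bin/npm` are attempted without root and will most likely fail with a permission error. `COPY . ./` also carries no `--chown`, so the copied sources end up owned by root even though the build runs as ass. Changing ownership of a path under /usr/local/bin to the runtime account works against the purpose of dropping root, and that line can go once the global install runs as root. I would install the global tools as root, copy with `--chown=ass:ass`, and switch to ass only for the project install and build, as sketched below.

```dockerfile
# Copy directory files (config.json, source files etc.) owned by the runtime user
COPY --chown=ass:ass . ./

# Global tools write under /usr/local, so install them as root
USER root
RUN npm i -g npm@8 typescript

# Project dependencies and build run as the unprivileged user
USER ass
RUN npm i --save-dev && \
    npm run build

# … unchanged: CMD npm start …
```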