Merge pull request #139 from kaleido-io/nonroot

Nonroot User in Docker Image
hyperledger · Oct 12, 2023 · a189de9 · a189de9
2 parents 1740a44 + 6cdd4e2
commit a189de9
Showing 1 changed file with 17 additions and 12 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -17,19 +17,24 @@ RUN npx hardhat compile
 
 FROM node:16-alpine3.15
 RUN apk add curl jq
-RUN mkdir -p /home/node/contracts/source
-RUN chown node:node /home/node/contracts/source
-WORKDIR /home/node/contracts/source
-USER node
-COPY --from=solidity-build --chown=node:node /home/node/contracts /home/node/package*.json ./
-RUN npm install --production
-WORKDIR /home/node/contracts
-COPY --from=solidity-build --chown=node:node /home/node/artifacts/contracts/TokenFactory.sol/TokenFactory.json ./
-WORKDIR /home/node
-COPY --from=build --chown=node:node /home/node/dist ./dist
-COPY --from=build --chown=node:node /home/node/package.json /home/node/package-lock.json ./
+RUN mkdir -p /app/contracts/source \
+    && chgrp -R 0 /app/ \
+    && chmod -R g+rwX /app/ \
+    && chown 1001:0 /app/contracts/source \
+    && mkdir /.npm/ \
+    && chgrp -R 0 /.npm/ \
+    && chmod -R g+rwX /.npm/
 
+WORKDIR /app/contracts/source
+USER 1001
+COPY --from=solidity-build --chown=1001:0 /home/node/contracts /home/node/package*.json ./
+RUN npm install --production
+WORKDIR /app/contracts
+COPY --from=solidity-build --chown=1001:0 /home/node/artifacts/contracts/TokenFactory.sol/TokenFactory.json ./
+WORKDIR /app
+COPY --from=build --chown=1001:0 /home/node/dist ./dist
+COPY --from=build --chown=1001:0 /home/node/package.json /home/node/package-lock.json ./
 
 RUN npm install --production
 EXPOSE 3000
-CMD ["npm", "run", "start:prod"]
+CMD ["node", "dist/src/main"]