Move USER and remove redundant --chown from Dockerfile (#53441)

### What? In the Dockerfile example: * Moves the `USER` command above the `COPY`s * Removes the `--chown` on the `COPY`s > **Note** > I don't know for 100% sure this won't have unintended side effects. Part of my motivation for opening this PR is to sense check whether we will be causing a regression by making this change in our own projects. > > Please let me know if there's any concerns with this! ### Why? Sonar security scanner flags this Dockerfile as having "security hotspots" due to the use of `--chown` https://rules.sonarsource.com/docker/RSPEC-6504/ ### How? Make the `--chown`s redundant by setting the current user before doing the `COPY` commands.
vercel · Aug 3, 2023 · 39c06ae · 39c06ae
1 parent b7c9604
commit 39c06ae
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/examples/with-docker/Dockerfile b/examples/with-docker/Dockerfile
@@ -43,14 +43,14 @@ ENV NODE_ENV production
 RUN addgroup --system --gid 1001 nodejs
 RUN adduser --system --uid 1001 nextjs
 
+USER nextjs
+
 COPY --from=builder /app/public ./public
 
 # Automatically leverage output traces to reduce image size
 # https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
-COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
-
-USER nextjs
+COPY --from=builder /app/.next/standalone ./
+COPY --from=builder /app/.next/static ./.next/static
 
 EXPOSE 3000