switch to non root dockerfile for ui and api containers

https://github.com/ohmyform/ohmyform/issues/97

CHANGELOG.md

@@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Fixed
 ### Security
 
+- container now runs as non root user
+
 ## [0.9.5] - 2020-06-10
  
 ### Added

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:12 AS builder
+FROM node:12-alpine AS builder
 MAINTAINER OhMyForm <admin@ohmyform.com>
 
 WORKDIR /usr/src/app
@@ -6,10 +6,16 @@ WORKDIR /usr/src/app
 # just copy everhing
 COPY . .
 
+RUN touch /usr/src/app/src/schema.gql && chown 9999:9999 /usr/src/app/src/schema.gql
+
 RUN yarn install --frozen-lockfile
 RUN yarn build
 
-FROM node:12
+FROM node:12-alpine
+MAINTAINER OhMyForm <admin@ohmyform.com>
+
+# Create a group and a user with name "ohmyform".
+RUN addgroup --gid 9999 ohmyform && adduser -D --uid 9999 -G ohmyform ohmyform
 
 WORKDIR /usr/src/app
 
@@ -24,4 +30,7 @@ ENV PORT=3000 \
 
 EXPOSE 3000
 
+# Change to non-root privilege
+USER ohmyform
+
 CMD [ "yarn", "start:prod" ]

public/index.html

@@ -0,0 +1,5 @@
+<pre>
+<h1>OhMyForm API endpoint</h1>
+
+visit us at <a href="https://ohmyform.com">ohmyform.com</a>
+</pre>