IT4Change/ohmyform-api
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

switch to non root dockerfile for ui and api containers

Browse Source 
https://github.com/ohmyform/ohmyform/issues/97
This commit is contained in:
Michael Schramm 2020-06-16 09:20:43 +02:00
parent 98335bf901
commit ed9638bcf9
3 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
### Fixed ### Fixed
### Security ### Security
- container now runs as non root user
## [0.9.5] - 2020-06-10 ## [0.9.5] - 2020-06-10
### Added ### Added

13
Dockerfile
View File

@ -1,4 +1,4 @@
FROM node:12 AS builder FROM node:12-alpine AS builder
MAINTAINER OhMyForm <admin@ohmyform.com> MAINTAINER OhMyForm <admin@ohmyform.com>
WORKDIR /usr/src/app WORKDIR /usr/src/app
@ -6,10 +6,16 @@ WORKDIR /usr/src/app
# just copy everhing # just copy everhing
COPY . . COPY . .
RUN touch /usr/src/app/src/schema.gql && chown 9999:9999 /usr/src/app/src/schema.gql
RUN yarn install --frozen-lockfile RUN yarn install --frozen-lockfile
RUN yarn build RUN yarn build
FROM node:12 FROM node:12-alpine
MAINTAINER OhMyForm <admin@ohmyform.com>
# Create a group and a user with name "ohmyform".
RUN addgroup --gid 9999 ohmyform && adduser -D --uid 9999 -G ohmyform ohmyform
WORKDIR /usr/src/app WORKDIR /usr/src/app
@ -24,4 +30,7 @@ ENV PORT=3000 \
EXPOSE 3000 EXPOSE 3000
# Change to non-root privilege
USER ohmyform
CMD [ "yarn", "start:prod" ] CMD [ "yarn", "start:prod" ]

5
public/index.html Normal file
View File

@ -0,0 +1,5 @@
<pre>
<h1>OhMyForm API endpoint</h1>
visit us at <a href="https://ohmyform.com">ohmyform.com</a>
</pre>