switch to non root dockerfile for ui and api containers

https://github.com/ohmyform/ohmyform/issues/97
2025-12-13 09:45:50 +00:00 · 2020-06-16 09:20:43 +02:00 · 2020-06-16 09:20:43 +02:00 · a6c98b6dfd
commit a6c98b6dfd
parent 3937e584ed
2 changed files with 17 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - typo in dropdown options https://github.com/ohmyform/ohmyform/issues/96

 ### Security
+
+- container now runs as non root user
 
 ## [0.9.5] - 2020-06-10

--- a/16
+++ b/16
@ -1,4 +1,5 @@
-FROM node:12-alpine
+FROM node:12-alpine AS builder
+MAINTAINER OhMyForm <admin@ohmyform.com>

 WORKDIR /usr/src/app

@ -7,6 +8,19 @@ COPY . ./
 RUN yarn install --frozen-lock-file
 RUN yarn build

+FROM node:12-alpine
+MAINTAINER OhMyForm <admin@ohmyform.com>
+
+# Create a group and a user with name "ohmyform".
+RUN addgroup --gid 9999 ohmyform && adduser -D --uid 9999 -G ohmyform ohmyform
+
+WORKDIR /usr/src/app
+
+COPY --from=builder /usr/src/app /usr/src/app
+
 ENV PORT=4000

+# Change to non-root privilege
+USER ohmyform
+
 CMD [ "yarn", "start" ]