From 961ff38eb5627a1705c3e3016b69f4d4e3300b53 Mon Sep 17 00:00:00 2001
From: James Blair <mail@jamesblair.net>
Date: Tue, 16 Jun 2020 18:21:17 +1200
Subject: [PATCH] Switched to non root user and alpine.

---
 Dockerfile | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0930dd39..a4177aba 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:12 as builder
+FROM node:12-alpine as builder
 
 WORKDIR /usr/src/app
 
@@ -7,9 +7,12 @@ COPY ui/ .
 RUN yarn install --frozen-lockfile
 RUN yarn export
 
-FROM node:12
+FROM node:12-alpine
 LABEL maintainer="OhMyForm <admin@ohmyform.com>"
 
+# Create a group and a user with name "ohmyform".
+RUN addgroup --gid 9999 ohmyform && adduser -D --uid 9999 -G ohmyform ohmyform
+
 WORKDIR /usr/src/app
 
 COPY api/ .
@@ -27,4 +30,7 @@ ENV PORT=3000 \
 
 EXPOSE 3000
 
+# Change to non-root privilege
+USER ohmyform
+
 CMD [ "yarn", "start:prod" ]