Merge pull request #366 from DTS-STN/lharrison-dockerfile-user-fix

Adding user and cleaning up caches for Dockerfile
DTS-STN · Sep 7, 2023 · 00ab6c5 · 00ab6c5
2 parents b1d9898 + 71a7c00
commit 00ab6c5
Showing 1 changed file with 36 additions and 11 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
-FROM node:18-alpine3.16 AS base
+FROM node:18-alpine3.18 AS base
 WORKDIR /base
 COPY package*.json ./
-RUN npm ci
+RUN npm ci && npm cache clean --force
 COPY . .
 
 FROM base AS build
@@ -25,16 +25,36 @@ WORKDIR /build
 COPY --from=base /base ./
 RUN npm run build
 
-FROM node:18-alpine3.16 AS production
+FROM node:18-alpine3.18 AS production
 ENV NODE_ENV=production
-WORKDIR /app
-COPY --from=build /build/next.config.js ./
-COPY --from=build /build/package*.json ./
-COPY --from=build /build/.next ./.next
-COPY --from=build /build/public ./public
-COPY --from=build /build/tracing.js ./
-COPY --from=build /build/certs/srv113-i-lab-hrdc-drhc-gc-ca-chain.pem ./certs/
-RUN VERSION_NEXT=`node -p -e "require('./package.json').dependencies.next"`&& npm install --no-package-lock --no-save next@"$VERSION_NEXT"
+
+ARG user=nodeuser
+ARG group=nodegroup
+ARG home=/srv/app
+
+RUN addgroup \
+    -S ${group} \
+    --gid 1001 && \
+    adduser \
+    --disabled-password \
+    --gecos "" \
+    --uid 1001 \
+    --home ${home} \
+    --ingroup ${group} \
+    ${user}
+
+WORKDIR ${home}
+
+COPY --from=build --chown=${user}:${group} /build/next.config.js ./
+COPY --from=build --chown=${user}:${group} /build/package*.json ./
+COPY --from=build --chown=${user}:${group} /build/.next ./.next
+COPY --from=build --chown=${user}:${group} /build/public ./public
+COPY --from=build --chown=${user}:${group} /build/tracing.js ./
+COPY --from=build --chown=${user}:${group} /build/certs/srv113-i-lab-hrdc-drhc-gc-ca-chain.pem ./certs/
+
+USER ${user}
+
+RUN VERSION_NEXT=`node -p -e "require('./package.json').dependencies.next"` && npm install --no-package-lock --no-save next@"$VERSION_NEXT" && npm cache clean --force
 
 # Runtime envs -- will default to build args if no env values are specified at docker run
 ARG AEM_GRAPHQL_ENDPOINT
@@ -84,4 +104,9 @@ ARG AUTH_ECAS_GLOBAL_LOGOUT_URL
 ENV AUTH_ECAS_GLOBAL_LOGOUT_URL=$AUTH_ECAS_GLOBAL_LOGOUT_URL
 # ECAS/next-auth env end
 
+ARG PORT=3000
+ENV PORT=${PORT}
+
+EXPOSE ${PORT}
+
 CMD npm run start