Switch to a non-root user in docker (#247)

KonstantAnxiety · web-flow · commit 6c0706a841f1 · 2024-01-23T18:17:00.000+03:00
diff --git a/app/dl_control_api/Dockerfile b/app/dl_control_api/Dockerfile
@@ -22,6 +22,14 @@ WORKDIR /src/metapkg
 RUN poetry export --only app_dl_os_control_api --without-hashes --format=requirements.txt > requirements.txt
 RUN pip install -r requirements.txt
 
+# Setting up the runtime user
+ARG USER=app
+ARG GID=1000
+ARG UID=1000
+RUN groupadd -r -g ${GID} ${USER} && \
+    useradd -mr -g ${USER} -u ${UID} -s /bin/bash ${USER}
+USER ${USER}
+
 EXPOSE 8080
 
 ENTRYPOINT ["/etc/service/dl_api/run"]
diff --git a/app/dl_data_api/Dockerfile b/app/dl_data_api/Dockerfile
@@ -26,6 +26,14 @@ WORKDIR /src/metapkg
 RUN poetry export --only app_dl_os_data_api --without-hashes --format=requirements.txt > requirements.txt
 RUN pip install -r requirements.txt
 
+# Setting up the runtime user
+ARG USER=app
+ARG GID=1000
+ARG UID=1000
+RUN groupadd -r -g ${GID} ${USER} && \
+    useradd -mr -g ${USER} -u ${UID} -s /bin/bash ${USER}
+USER ${USER}
+
 EXPOSE 8080
 
 ENTRYPOINT ["/etc/service/dl_api/run"]
