Skip to content

Commit

Permalink
Update Dockerfile
Browse files Browse the repository at this point in the history 
Updated to run the Docker container as a non-root user with user privileges instead of root privileges, since it helps mitigate risks.
  • Loading branch information
@nhkhai
nhkhai committed May 1, 2024
1 parent 3cd326b commit 34417dc
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,12 @@
# FROM eclipse-temurin:21-jdk-jammy as builder
FROM eclipse-temurin:21-jdk-alpine as builder

# Run the Docker container as a non-root user with user privileges instead of root privileges, since it helps mitigate risks.
RUN addgroup deploymentgroup; adduser --ingroup deploymentgroup --disabled-password deployment

# The USER instruction sets the preferred user name (or UID) and optionally the user group (or GID) while running the image — and for any subsequent RUN, CMD, or ENTRYPOINT instructions.
USER deployment

# The work directory.
WORKDIR /opt/app

Expand Down Expand Up @@ -46,6 +52,12 @@ RUN ./mvnw clean install -DskipTests
# FROM eclipse-temurin:21-jdk-jammy
FROM eclipse-temurin:21-jdk-alpine

# Run the Docker container as a non-root user with user privileges instead of root privileges, since it helps mitigate risks.
RUN addgroup deploymentgroup; adduser --ingroup deploymentgroup --disabled-password deployment

# The USER instruction sets the preferred user name (or UID) and optionally the user group (or GID) while running the image — and for any subsequent RUN, CMD, or ENTRYPOINT instructions.
USER deployment

WORKDIR /opt/app

# The environment port to expose.
Expand Down

0 comments on commit 34417dc

Please sign in to comment.