fix: Harden Dockerfile

2025-07-17 18:58:33 +00:00 · 2023-11-11 00:27:15 +01:00 · 2023-11-11 00:27:15 +01:00 · cbfb8432f8
commit cbfb8432f8
parent 463ece02c7
2 changed files with 18 additions and 8 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,5 @@
+node_modules
+.gitignore
+Dockerfile
+README.md
+docs
--- a/21
+++ b/21
@ -1,15 +1,20 @@
-FROM node:18-bullseye-slim
+FROM node:20-slim
 WORKDIR /app
+EXPOSE 9000

 RUN apt-get update
 RUN apt-get install -y git
-RUN rm -rf /var/lib/apt/lists/*
-
-COPY package*.json ./
-RUN npm install
-
-RUN git clone -n https://github.com/wukko/cobalt.git --depth 1 && mv cobalt/.git ./ && rm -rf cobalt
+RUN apt-get install -y git

 COPY . .
-EXPOSE 9000
+
+RUN npm install
+
+# Drop privileges
+RUN groupadd cobalt && useradd -g cobalt cobalt
+RUN chown -R cobalt:cobalt /app
+RUN chmod -R 755 /app
+
+USER cobalt
+
 CMD [ "node", "src/cobalt" ]