Skip to content

Commit 9381528

Browse files
bishal0602bishal0602
committed
feat: docker added non-root user, optimized build layers
1 parent 8d60b59 commit 9381528

File tree

1 file changed

+16
-6
lines changed

1 file changed

+16
-6
lines changed

Dockerfile

Lines changed: 16 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,12 @@
11
FROM node:20-slim
22

3+
RUN groupadd -r botuser && useradd -r -g botuser -d /app -s /bin/bash botuser
4+
5+
WORKDIR /app
6+
RUN chown -R botuser:botuser /app
7+
38
RUN apt-get update && \
4-
apt-get install -y \
9+
apt-get install -y --no-install-recommends \
510
wget \
611
ca-certificates \
712
fonts-liberation \
@@ -22,14 +27,19 @@ RUN apt-get update && \
2227
xdg-utils \
2328
chromium \
2429
graphicsmagick \
25-
&& rm -rf /var/lib/apt/lists/*
30+
&& rm -rf /var/lib/apt/lists/* && \
31+
apt-get clean
2632

2733
# Set Chromium path
2834
ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
2935

30-
WORKDIR /app
31-
COPY package*.json ./
32-
RUN npm install --production
33-
COPY . .
36+
COPY --chown=botuser:botuser package*.json ./
37+
38+
USER botuser
39+
40+
RUN npm ci --omit=dev && \
41+
npm cache clean --force
42+
43+
COPY --chown=botuser:botuser . .
3444

3545
CMD ["node", "./src/bot.js"]

0 commit comments

Comments
 (0)