fix: change owner of application files, run as non-root user, linting

Author: siljekristensen

meteor/Dockerfile

@@ -67,4 +67,6 @@ COPY meteor/docker-entrypoint.sh /opt
 ENV WORKER_EXEC_DIR=/opt/packages/job-worker
 
 WORKDIR /opt/core/
+RUN chown -R 1000:1000 /opt/core
+USER 1000
 CMD ["/opt/docker-entrypoint.sh"]

meteor/Dockerfile.circle

@@ -6,24 +6,27 @@ ENV NODE_URL="https://static.meteor.com/dev-bundle-node-os/unofficial-builds/v${
 ENV DIR_NODE=/usr/local
 
 RUN apk add --no-cache \
-    libstdc++ \
-    && apk add --no-cache --virtual .build-deps-full \
-    binutils-gold \
-    curl \
-    gnupg \
-    xz
+	libstdc++ \
+	&& apk add --no-cache --virtual .build-deps-full \
+	binutils-gold \
+	curl \
+	gnupg \
+	xz
 
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 RUN echo $NODE_URL \
-    && curl -sSL "$NODE_URL" | tar -xz -C /usr/local/ && mv $DIR_NODE/node-v${NODE_VERSION}-linux-x64 $DIR_NODE/v$NODE_VERSION
+	&& curl -sSL "$NODE_URL" | tar -xz -C /usr/local/ && mv $DIR_NODE/node-v${NODE_VERSION}-linux-x64 $DIR_NODE/v$NODE_VERSION
 
 # add node and npm to path so the commands are available
-ENV NODE_PATH $DIR_NODE/v$NODE_VERSION/lib/node_modules
-ENV PATH $DIR_NODE/v$NODE_VERSION/bin:$PATH
+ENV NODE_PATH=$DIR_NODE/v$NODE_VERSION/lib/node_modules
+ENV PATH=$DIR_NODE/v$NODE_VERSION/bin:$PATH
 
 # confirm installation
 RUN node -v && npm -v
 
 COPY meteor/bundle /opt/core
 COPY meteor/docker-entrypoint.sh /opt
-WORKDIR /opt/core/
+WORKDIR /opt/core
+RUN chown -R 1000:1000 /opt/core
+USER 1000
 CMD ["/opt/docker-entrypoint.sh"]

packages/live-status-gateway/Dockerfile

@@ -27,4 +27,6 @@ COPY --from=0 /opt/shared-lib /opt/shared-lib
 COPY --from=0 /opt/corelib /opt/corelib
 
 WORKDIR /opt/live-status-gateway
+RUN chown -R 1000:1000 /opt/live-status-gateway
+USER 1000
 CMD ["node", "dist/index.js"]

packages/live-status-gateway/Dockerfile.circle

@@ -10,4 +10,6 @@ COPY shared-lib /opt/shared-lib
 COPY corelib /opt/corelib
 
 WORKDIR /opt/live-status-gateway
+RUN chown -R 1000:1000 /opt/live-status-gateway
+USER 1000
 CMD ["node", "dist/index.js"]

packages/mos-gateway/Dockerfile

@@ -23,4 +23,6 @@ COPY --from=0 /opt/server-core-integration /opt/server-core-integration
 COPY --from=0 /opt/shared-lib /opt/shared-lib
 
 WORKDIR /opt/mos-gateway
+RUN chown -R 1000:1000 /opt/mos-gateway
+USER 1000
 CMD ["node", "dist/index.js"]

packages/mos-gateway/Dockerfile.circle

@@ -8,4 +8,6 @@ COPY server-core-integration /opt/server-core-integration
 COPY shared-lib /opt/shared-lib
 
 WORKDIR /opt/mos-gateway
+RUN chown -R 1000:1000 /opt/mos-gateway
+USER 1000
 CMD ["node", "dist/index.js"]

packages/playout-gateway/Dockerfile

@@ -23,4 +23,6 @@ COPY --from=0 /opt/server-core-integration /opt/server-core-integration
 COPY --from=0 /opt/shared-lib /opt/shared-lib
 
 WORKDIR /opt/playout-gateway
+RUN chown -R 1000:1000 /opt/playout-gateway
+USER 1000
 CMD ["node", "dist/index.js"]

packages/playout-gateway/Dockerfile.circle

@@ -8,4 +8,6 @@ COPY server-core-integration /opt/server-core-integration
 COPY shared-lib /opt/shared-lib
 
 WORKDIR /opt/playout-gateway
+RUN chown -R 1000:1000 /opt/playout-gateway
+USER 1000
 CMD ["node", "dist/index.js"]