fix webhook plugin vulnerabilities - root user (#571)

Author: denis-codefresh

incubating/webhook/Dockerfile

@@ -1,5 +1,6 @@
 FROM node:14.21.3-bullseye-slim
 
+
 #RUN apk add --no-cache bash git openssh-client
 
 # Create app directory
@@ -15,5 +16,9 @@ RUN yarn install --frozen-lockfile --production
 # copy app files
 COPY . ./
 
+RUN useradd -d /home/username -m -s /bin/bash codefresh
+
+USER codefresh
+
 # run application
 CMD ["node", "/app/index.js"]

incubating/webhook/step.yaml

@@ -4,7 +4,7 @@ metadata:
   name: webhook
   title: Call a custom webhook
   latest: true
-  version: 0.0.12
+  version: 0.0.13
   isPublic: true
   description: Notify any webook URL with any custom request body.
   sources:
@@ -70,7 +70,7 @@ spec:
   steps:
     main:
       name: webhook
-      image: quay.io/codefreshplugins/webhook-plugin:0.0.12
+      image: quay.io/codefreshplugins/webhook-plugin:0.0.13
       environment:
         - 'WEBHOOK_USERNAME=${{WEBHOOK_USERNAME}}'
         - 'WEBHOOK_PASSWORD=${{WEBHOOK_PASSWORD}}'