Added nonroot user access in dockerfile

Signed-off-by: Sheetal-ayanworks <sheetal.shevalkar@ayanworks.com>
credebl · Feb 10, 2024 · a635b1d · a635b1d
1 parent a90a40e
commit a635b1d
Show file tree

Hide file tree

Showing 12 changed files with 100 additions and 8 deletions.
diff --git a/Dockerfiles/Dockerfile.agent-provisioning b/Dockerfiles/Dockerfile.agent-provisioning
@@ -1,10 +1,12 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
 # RUN npm install -g pnpm
-# Install AWS CLI
-# RUN apk update
-# RUN apk add openssh-client
-# RUN apk update
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
+
+
 # RUN apk add aws-cli
 RUN npm install -g pnpm --ignore-scripts \
     && apk update \
@@ -32,10 +34,10 @@ RUN pnpm run build agent-provisioning
 
 # Stage 2: Create the final image
 FROM node:18-alpine as prod
-# Install AWS CLI
-# RUN apk update
-# RUN apk add openssh-client
-# RUN apk update
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 # RUN apk add aws-cli
 RUN npm install -g pnpm --ignore-scripts \
     && apk update \

diff --git a/Dockerfiles/Dockerfile.agent-service b/Dockerfiles/Dockerfile.agent-service
@@ -1,5 +1,10 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app
@@ -19,6 +24,11 @@ RUN pnpm run build agent-service
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app

diff --git a/Dockerfiles/Dockerfile.api-gateway b/Dockerfiles/Dockerfile.api-gateway
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app
@@ -20,6 +24,10 @@ RUN pnpm run build api-gateway
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app

diff --git a/Dockerfiles/Dockerfile.connection b/Dockerfiles/Dockerfile.connection
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm
 # Set the working directory
 WORKDIR /app
@@ -20,6 +24,10 @@ RUN pnpm run build connection
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app

diff --git a/Dockerfiles/Dockerfile.ecosystem b/Dockerfiles/Dockerfile.ecosystem
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app
@@ -20,6 +24,10 @@ RUN pnpm run build ecosystem
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app

diff --git a/Dockerfiles/Dockerfile.issuance b/Dockerfiles/Dockerfile.issuance
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app
@@ -20,6 +24,10 @@ RUN pnpm run build issuance
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app

diff --git a/Dockerfiles/Dockerfile.ledger b/Dockerfiles/Dockerfile.ledger
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app
@@ -21,6 +25,10 @@ RUN npm run build ledger
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app

diff --git a/Dockerfiles/Dockerfile.organization b/Dockerfiles/Dockerfile.organization
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app
@@ -20,6 +24,10 @@ RUN pnpm run build organization
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm --ignore-scripts
 # Set the working directory
 WORKDIR /app

diff --git a/Dockerfiles/Dockerfile.user b/Dockerfiles/Dockerfile.user
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-slim as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm
 
 # We don't need the standalone Chromium
@@ -33,6 +37,10 @@ RUN pnpm run build user
 
 # Stage 2: Create the final image
 FROM node:18-slim
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 
 # We don't need the standalone Chromium
 ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true

diff --git a/Dockerfiles/Dockerfile.utility b/Dockerfiles/Dockerfile.utility
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-slim as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm
 
 # We don't need the standalone Chromium
@@ -33,6 +37,10 @@ RUN pnpm run build utility
 
 # Stage 2: Create the final image
 FROM node:18-slim
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 
 # We don't need the standalone Chromium
 ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true

diff --git a/Dockerfiles/Dockerfile.verification b/Dockerfiles/Dockerfile.verification
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm
 # Set the working directory
 WORKDIR /app
@@ -19,6 +23,10 @@ RUN npm run build verification
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm
 # Set the working directory
 WORKDIR /app

diff --git a/Dockerfiles/Dockerfile.webhook b/Dockerfiles/Dockerfile.webhook
@@ -1,5 +1,9 @@
 # Stage 1: Build the application
 FROM node:18-alpine as build
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm
 # Set the working directory
 WORKDIR /app
@@ -20,6 +24,10 @@ RUN pnpm run build webhook
 
 # Stage 2: Create the final image
 FROM node:18-alpine
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+USER nonroot
 RUN npm install -g pnpm
 # Set the working directory
 WORKDIR /app