From a635b1d5e9ca0ec45bd949c3d6b16cc1b21f322c Mon Sep 17 00:00:00 2001 From: Sheetal-ayanworks Date: Sat, 10 Feb 2024 11:32:00 +0530 Subject: [PATCH] Added nonroot user access in dockerfile Signed-off-by: Sheetal-ayanworks --- Dockerfiles/Dockerfile.agent-provisioning | 18 ++++++++++-------- Dockerfiles/Dockerfile.agent-service | 10 ++++++++++ Dockerfiles/Dockerfile.api-gateway | 8 ++++++++ Dockerfiles/Dockerfile.connection | 8 ++++++++ Dockerfiles/Dockerfile.ecosystem | 8 ++++++++ Dockerfiles/Dockerfile.issuance | 8 ++++++++ Dockerfiles/Dockerfile.ledger | 8 ++++++++ Dockerfiles/Dockerfile.organization | 8 ++++++++ Dockerfiles/Dockerfile.user | 8 ++++++++ Dockerfiles/Dockerfile.utility | 8 ++++++++ Dockerfiles/Dockerfile.verification | 8 ++++++++ Dockerfiles/Dockerfile.webhook | 8 ++++++++ 12 files changed, 100 insertions(+), 8 deletions(-) diff --git a/Dockerfiles/Dockerfile.agent-provisioning b/Dockerfiles/Dockerfile.agent-provisioning index b46bd2ce5..489c1132f 100644 --- a/Dockerfiles/Dockerfile.agent-provisioning +++ b/Dockerfiles/Dockerfile.agent-provisioning @@ -1,10 +1,12 @@ # Stage 1: Build the application FROM node:18-alpine as build # RUN npm install -g pnpm -# Install AWS CLI -# RUN apk update -# RUN apk add openssh-client -# RUN apk update +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot + + # RUN apk add aws-cli RUN npm install -g pnpm --ignore-scripts \ && apk update \ @@ -32,10 +34,10 @@ RUN pnpm run build agent-provisioning # Stage 2: Create the final image FROM node:18-alpine as prod -# Install AWS CLI -# RUN apk update -# RUN apk add openssh-client -# RUN apk update +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot # RUN apk add aws-cli RUN npm install -g pnpm --ignore-scripts \ && apk update \ diff --git a/Dockerfiles/Dockerfile.agent-service b/Dockerfiles/Dockerfile.agent-service index d8f174419..465a7bbe0 100644 --- a/Dockerfiles/Dockerfile.agent-service 
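Review bot: `USER nonroot` is placed ahead of `RUN npm install -g pnpm --ignore-scripts && apk update …` in this build stage, so the global npm install and the apk steps now run without root and will most likely fail with permission errors. Keep the `addgroup`/`adduser` line where it is, but move `USER nonroot` below the last step that needs root, ideally to just before the stage's `CMD`/`ENTRYPOINT`. The same ordering appears in the prod stage of this file and in both stages of every other Dockerfile in the patch, where `USER nonroot` precedes `RUN npm install -g pnpm`. The stage continues outside the hunk, so the last root-requiring step has to be confirmed there.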
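Review bot: The prod stage switches to a named account whose UID is whatever `adduser -S` assigns, and Kubernetes `runAsNonRoot: true` cannot verify a non-numeric image user. Pin the IDs and reference them numerically, for example `addgroup -S -g 10001 nonroot && adduser -S -u 10001 -G nonroot nonroot` followed by `USER 10001:10001` (10001 is an illustrative value). The official node images already ship an unprivileged `node` account with UID 1000, so `USER 1000` would avoid creating a second account. This applies to the final stage of the other Dockerfiles in the patch as well.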
+++ b/Dockerfiles/Dockerfile.agent-service @@ -1,5 +1,10 @@ # Stage 1: Build the application FROM node:18-alpine as build + +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app @@ -19,6 +24,11 @@ RUN pnpm run build agent-service # Stage 2: Create the final image FROM node:18-alpine + +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app diff --git a/Dockerfiles/Dockerfile.api-gateway b/Dockerfiles/Dockerfile.api-gateway index 28d9a448b..923c43061 100644 --- a/Dockerfiles/Dockerfile.api-gateway +++ b/Dockerfiles/Dockerfile.api-gateway @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-alpine as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app @@ -20,6 +24,10 @@ RUN pnpm run build api-gateway # Stage 2: Create the final image FROM node:18-alpine +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app diff --git a/Dockerfiles/Dockerfile.connection b/Dockerfiles/Dockerfile.connection index f6649fdbb..9c3d709eb 100644 --- a/Dockerfiles/Dockerfile.connection +++ b/Dockerfiles/Dockerfile.connection @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-alpine as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm # Set the working directory WORKDIR /app @@ -20,6 +24,10 @@ RUN pnpm run build connection # Stage 2: Create the final image FROM node:18-alpine +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app 
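Review bot: In the final stage of Dockerfile.agent-service, the files brought in by the COPY steps that presumably follow `WORKDIR /app` outside this hunk will still be owned by root after `USER nonroot`, because COPY writes as 0:0 unless told otherwise. If the service writes under `/app` at runtime, those writes will be denied. Set ownership on the copy, e.g. `COPY --from=build --chown=nonroot:nonroot <src> <dest>`, rather than adding a later `RUN chown -R`. The build stage is discarded, so the account is only needed in the final stage. The same applies to the other service Dockerfiles in the patch.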
diff --git a/Dockerfiles/Dockerfile.ecosystem b/Dockerfiles/Dockerfile.ecosystem index 6d24dda41..888631af1 100644 --- a/Dockerfiles/Dockerfile.ecosystem +++ b/Dockerfiles/Dockerfile.ecosystem @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-alpine as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app @@ -20,6 +24,10 @@ RUN pnpm run build ecosystem # Stage 2: Create the final image FROM node:18-alpine +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app diff --git a/Dockerfiles/Dockerfile.issuance b/Dockerfiles/Dockerfile.issuance index c72962566..918308774 100644 --- a/Dockerfiles/Dockerfile.issuance +++ b/Dockerfiles/Dockerfile.issuance @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-alpine as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app @@ -20,6 +24,10 @@ RUN pnpm run build issuance # Stage 2: Create the final image FROM node:18-alpine +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app diff --git a/Dockerfiles/Dockerfile.ledger b/Dockerfiles/Dockerfile.ledger index 8d6d55a5b..9d72c97fa 100644 --- a/Dockerfiles/Dockerfile.ledger +++ b/Dockerfiles/Dockerfile.ledger @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-alpine as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app 
@@ -21,6 +25,10 @@ RUN npm run build ledger # Stage 2: Create the final image FROM node:18-alpine +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app diff --git a/Dockerfiles/Dockerfile.organization b/Dockerfiles/Dockerfile.organization index 231d46614..7a6bc7739 100644 --- a/Dockerfiles/Dockerfile.organization +++ b/Dockerfiles/Dockerfile.organization @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-alpine as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app @@ -20,6 +24,10 @@ RUN pnpm run build organization # Stage 2: Create the final image FROM node:18-alpine +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm --ignore-scripts # Set the working directory WORKDIR /app diff --git a/Dockerfiles/Dockerfile.user b/Dockerfiles/Dockerfile.user index fb6fde4b2..ebd3944f9 100644 --- a/Dockerfiles/Dockerfile.user +++ b/Dockerfiles/Dockerfile.user @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-slim as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm # We don't need the standalone Chromium @@ -33,6 +37,10 @@ RUN pnpm run build user # Stage 2: Create the final image FROM node:18-slim +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot # We don't need the standalone Chromium ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true diff --git a/Dockerfiles/Dockerfile.utility b/Dockerfiles/Dockerfile.utility index b12a4cfc4..b0fc82a64 100644 --- a/Dockerfiles/Dockerfile.utility +++ b/Dockerfiles/Dockerfile.utility 
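Review bot: In Dockerfile.user, `addgroup -S` and `adduser -S … -G` are BusyBox (Alpine) short options, but this stage builds on `node:18-slim`, which is Debian-based. Debian's adduser does not document those flags, so the RUN is expected to fail or behave differently. Use the shadow tools the base image provides, e.g. `RUN groupadd --system nonroot && useradd --system --gid nonroot --no-create-home nonroot`. The same lines are added to the final stage of this file and to both stages of Dockerfile.utility. As in the Alpine files, `USER nonroot` also comes before `RUN npm install -g pnpm` here, so the global install would run unprivileged.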
@@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-slim as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm # We don't need the standalone Chromium @@ -33,6 +37,10 @@ RUN pnpm run build utility # Stage 2: Create the final image FROM node:18-slim +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot # We don't need the standalone Chromium ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true diff --git a/Dockerfiles/Dockerfile.verification b/Dockerfiles/Dockerfile.verification index 7a99e59cf..6943ef223 100644 --- a/Dockerfiles/Dockerfile.verification +++ b/Dockerfiles/Dockerfile.verification @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-alpine as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm # Set the working directory WORKDIR /app @@ -19,6 +23,10 @@ RUN npm run build verification # Stage 2: Create the final image FROM node:18-alpine +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm # Set the working directory WORKDIR /app diff --git a/Dockerfiles/Dockerfile.webhook b/Dockerfiles/Dockerfile.webhook index 977f3ed3c..dc37e41d0 100644 --- a/Dockerfiles/Dockerfile.webhook +++ b/Dockerfiles/Dockerfile.webhook @@ -1,5 +1,9 @@ # Stage 1: Build the application FROM node:18-alpine as build +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm # Set the working directory WORKDIR /app @@ -20,6 +24,10 @@ RUN pnpm run build webhook # Stage 2: Create the final image FROM node:18-alpine +RUN addgroup -S nonroot \ + && adduser -S nonroot -G nonroot + +USER nonroot RUN npm install -g pnpm # Set the working directory WORKDIR /app