Tighten permissions in Dockerfiles (#1094)
junlarsen authored Jan 25, 2025
1 parent ee83368 commit af2e7d6
Showing 5 changed files with 26 additions and 26 deletions.
6 changes: 3 additions & 3 deletions apps/brevduen/Dockerfile
Expand Up @@ -5,14 +5,14 @@ COPY apps ./apps
COPY packages ./packages
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml turbo.json ./

RUN npm i -g [email protected]
RUN pnpm install --frozen-lockfile
RUN npm i -g [email protected] --ignore-scripts
RUN pnpm install --frozen-lockfile --ignore-scripts
RUN pnpm build:brevduen

FROM public.ecr.aws/lambda/nodejs:20 AS runner

WORKDIR ${LAMBDA_TASK_ROOT}

COPY --from=builder /usr/app/apps/brevduen/dist/* ./
COPY --from=builder --chmod=755 /usr/app/apps/brevduen/dist/* ./

CMD ["lambda.handler"]
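Review bot: The two `--ignore-scripts` flags added to the builder stage carry no comment, and the reason matters for maintenance: a dependency added later that relies on an install script will surface as a failure in `pnpm build:brevduen` or at runtime, and the quickest fix would be to delete the flag. A comment above the install lines such as `# --ignore-scripts: dependency lifecycle scripts must not run during the image build; allow-list a package that needs one instead of removing the flag` would record the intent. The same applies to the install lines in the dashboard, invoicification, rif and rpc Dockerfiles. The builder stage begins above the hunk, so any existing comment there is not visible.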
12 changes: 6 additions & 6 deletions apps/dashboard/Dockerfile
Expand Up @@ -4,7 +4,7 @@ FROM base AS builder
WORKDIR /app

RUN apk update && apk add --no-cache libc6-compat
RUN npm install -g [email protected] [email protected]
RUN npm install -g [email protected] [email protected] --ignore-scripts
COPY apps ./apps
COPY packages ./packages
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml turbo.json ./
Expand All @@ -15,9 +15,9 @@ WORKDIR /app

ENV DOCKER_BUILD=1

RUN npm install -g [email protected] [email protected]
RUN npm install -g [email protected] [email protected] --ignore-scripts
COPY --from=builder /app/out/json .
RUN pnpm install
RUN pnpm install --ignore-scripts
COPY --from=builder /app/out/full .
RUN turbo run build --filter @dotkomonline/dashboard

Expand All @@ -36,8 +36,8 @@ RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
USER nextjs

COPY --from=installer --chown=nextjs:nodejs /app/apps/dashboard/.next/standalone ./
COPY --from=installer --chown=nextjs:nodejs /app/apps/dashboard/.next/static ./apps/dashboard/.next/static
COPY --from=installer --chown=nextjs:nodejs /app/apps/dashboard/public ./apps/dashboard/public
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/dashboard/.next/standalone ./
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/dashboard/.next/static ./apps/dashboard/.next/static
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/dashboard/public ./apps/dashboard/public

CMD node apps/dashboard/server.js
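Review bot: The three runner-stage COPY lines keep `--chown=nextjs:nodejs` next to the new `--chmod=755`, so the account the server runs as still owns the application files and keeps write permission on them. The mode also sets the execute bit on every static asset under `.next/static` and `public`. If the goal is that the running process cannot alter its own code, dropping the ownership change leaves the files root-owned and only readable and traversable by `nextjs`, e.g. `COPY --from=installer --chmod=755 /app/apps/dashboard/public ./apps/dashboard/public`. Should the server write a cache under `.next` at runtime, only that directory would need to be writable by `nextjs`; this is not visible from the hunk. The same pattern appears in the invoicification and rif Dockerfiles.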
12 changes: 6 additions & 6 deletions apps/invoicification/Dockerfile
Expand Up @@ -4,7 +4,7 @@ FROM base AS builder
WORKDIR /app

RUN apk update && apk add --no-cache libc6-compat
RUN npm install -g [email protected] [email protected]
RUN npm install -g [email protected] [email protected] --ignore-scripts
COPY apps ./apps
COPY packages ./packages
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml turbo.json ./
Expand All @@ -15,9 +15,9 @@ WORKDIR /app

ENV DOCKER_BUILD=1

RUN npm install -g [email protected] [email protected]
RUN npm install -g [email protected] [email protected] --ignore-scripts
COPY --from=builder /app/out/json .
RUN pnpm install
RUN pnpm install --ignore-scripts
COPY --from=builder /app/out/full .
RUN turbo run build --filter @dotkomonline/invoicification

Expand All @@ -36,8 +36,8 @@ RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
USER nextjs

COPY --from=installer --chown=nextjs:nodejs /app/apps/invoicification/.next/standalone ./
COPY --from=installer --chown=nextjs:nodejs /app/apps/invoicification/.next/static ./apps/invoicification/.next/static
COPY --from=installer --chown=nextjs:nodejs /app/apps/invoicification/public ./apps/invoicification/public
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/invoicification/.next/standalone ./
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/invoicification/.next/static ./apps/invoicification/.next/static
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/invoicification/public ./apps/invoicification/public

CMD node apps/invoicification/server.js
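Review bot: The changed `RUN pnpm install --ignore-scripts` line in the installer stage still runs without `--frozen-lockfile`, so the install may resolve versions that are not recorded in the committed `pnpm-lock.yaml` whenever the pruned manifests and the lockfile disagree. apps/brevduen/Dockerfile already uses `RUN pnpm install --frozen-lockfile --ignore-scripts`; the same line would fit here and in the dashboard, rif and rpc Dockerfiles. The stage starts above the hunk, so it is not visible whether `CI` is set there, which would make pnpm freeze the lockfile by default.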
12 changes: 6 additions & 6 deletions apps/rif/Dockerfile
Expand Up @@ -4,7 +4,7 @@ FROM base AS builder
WORKDIR /app

RUN apk update && apk add --no-cache libc6-compat
RUN npm install -g [email protected] [email protected]
RUN npm install -g [email protected] [email protected] --ignore-scripts
COPY apps ./apps
COPY packages ./packages
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml turbo.json ./
Expand All @@ -15,9 +15,9 @@ WORKDIR /app

ENV DOCKER_BUILD=1

RUN npm install -g [email protected] [email protected]
RUN npm install -g [email protected] [email protected] --ignore-scripts
COPY --from=builder /app/out/json .
RUN pnpm install
RUN pnpm install --ignore-scripts
COPY --from=builder /app/out/full .
RUN turbo run build --filter @dotkomonline/rif

Expand All @@ -36,8 +36,8 @@ RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
USER nextjs

COPY --from=installer --chown=nextjs:nodejs /app/apps/rif/.next/standalone ./
COPY --from=installer --chown=nextjs:nodejs /app/apps/rif/.next/static ./apps/rif/.next/static
COPY --from=installer --chown=nextjs:nodejs /app/apps/rif/public ./apps/rif/public
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/rif/.next/standalone ./
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/rif/.next/static ./apps/rif/.next/static
COPY --from=installer --chown=nextjs:nodejs --chmod=755 /app/apps/rif/public ./apps/rif/public

CMD node apps/rif/server.js
10 changes: 5 additions & 5 deletions apps/rpc/Dockerfile
Expand Up @@ -4,7 +4,7 @@ FROM base AS builder
WORKDIR /app

RUN apk update && apk add --no-cache libc6-compat
RUN npm install -g [email protected] [email protected]
RUN npm install -g [email protected] [email protected] --ignore-scripts
COPY apps ./apps
COPY packages ./packages
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml turbo.json ./
Expand All @@ -15,9 +15,9 @@ WORKDIR /app

ENV DOCKER_BUILD=1

RUN npm install -g [email protected] [email protected]
RUN npm install -g [email protected] [email protected] --ignore-scripts
COPY --from=builder /app/out/json .
RUN pnpm install
RUN pnpm install --ignore-scripts
COPY --from=builder /app/out/full .
RUN turbo run build --filter @dotkomonline/rpc

Expand All @@ -34,7 +34,7 @@ RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 rpc
USER rpc

COPY --from=installer --chown=nextjs:rpc /app/apps/rpc/dist ./
COPY --from=installer --chown=nextjs:rpc /app/apps/rpc/package.json ./
COPY --from=installer --chown=nodejs:rpc --chmod=755 /app/apps/rpc/index.js ./
COPY --from=installer --chown=nodejs:rpc --chmod=755 /app/apps/rpc/package.json ./

CMD node index.js
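Review bot: `--chown=nodejs:rpc` on the two new COPY lines names `nodejs` as the user and `rpc` as the group, but the visible context creates a group `nodejs` (`addgroup --system --gid 1001 nodejs`) and a user `rpc` (`adduser --system --uid 1001 rpc`), so the pair looks reversed. Unless the base image already defines a `nodejs` user and an `rpc` group, the names will either fail to resolve at build time or give an ownership nobody intended. `--chown=rpc:nodejs` matches what the stage creates. Alternatively, drop the flag so the files stay root-owned and are only readable by `rpc`. The runner stage begins above the hunk, so accounts defined earlier are not visible here.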
