From 7b9830c5af9ed731cf1d37ad693312eba58e4b29 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 19 Nov 2024 14:20:12 +0000
Subject: [PATCH] dockerfile: drop privileges to regular user

---
 Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1af6273a..7bfc3dac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,10 @@ RUN pnpm deploy --filter=@imput/cobalt-api --prod /prod/api
 FROM base AS api
 WORKDIR /app
 
-COPY --from=build /prod/api /app
-COPY --from=build /app/.git /app/.git
+COPY --from=build --chown=node:node /prod/api /app
+COPY --from=build --chown=node:node /app/.git /app/.git
+
+USER node
 
 EXPOSE 9000
 CMD [ "node", "src/cobalt" ]