From 411d1492f4d44baab11cff2cc73b5aa1b932703c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <jmm@yavook.de>
Date: Mon, 18 Sep 2023 21:03:38 +0200
Subject: [PATCH] Dockerfile best practices

---
 Dockerfile | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c9f481b..cf39c0c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ FROM node:lts AS build-ui
 WORKDIR /usr/local/src/advent22_ui
 
 # install dependencies
-COPY ui/package*.json ui/yarn*.lock .
+COPY ui/package*.json ui/yarn*.lock ./
 RUN yarn install --production false
 
 # copy and build full ui
-COPY ui .
+COPY ui ./
 RUN yarn build --dest /tmp/advent22_ui/html
 
 ###########
@@ -23,12 +23,17 @@ WORKDIR /usr/local/src/advent22_api
 # env setup
 ENV \  
     PRODUCTION_MODE="true" \
-    APP_MODULE="advent22_api.app:app"
+    MODULE_NAME="advent22_api.app"
 
 # install api
-COPY api .
-RUN python -m pip --no-cache-dir install .
+COPY api ./
+RUN set -ex; \
+    rm -rf /app; \
+    \
+    python -m pip --no-cache-dir install ./
 
 # add prebuilt ui
 COPY --from=build-ui /tmp/advent22_ui /usr/local/share/advent22_ui
 
+# run as unprivileged user
+USER nobody