Design container to run as non-root

-change docker file

Change-Id: I2da9777dbb4b5feb9c5fb26ddb88f8df9a047bb2
Issue-ID: EXTAPI-202
Signed-off-by: romaingimbert <romain.gimbert@orange.com>

diff --git a/Dockerfile b/Dockerfile
index 9cc5868..91a6a9d 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,6 +20,9 @@ ARG SERVER_PORT
 ARG PKG_FILENAME=nbi-rest-services-3.0.1.jar
 ADD target/$PKG_FILENAME app.jar
 
+RUN addgroup -S appgroup
+RUN adduser -S appuser -G appgroup
+
 COPY src/main/resources/certificate /certs
 ARG CERT_PASS=changeit
 RUN for cert in $(ls -d /certs/*); do \
@@ -32,6 +35,8 @@ RUN for cert in $(ls -d /certs/*); do \
                 --noprompt; \
     done
 
+USER appuser:appgroup
+
 ENV SERVER_PORT=${SERVER_PORT:-8080}
 ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"