feat(docker): safer dockerfile (#65)

author: Senderman <doletov.fyodor@yandex.ru> 2025-08-04 00:52:01 +0300
committer: GitHub <noreply@github.com> 2025-08-04 00:52:01 +0300
commit: 6b97957566fa8a01b7fa37fb735de19ee442c297 (patch)
tree: 6e77e700a2bfc959e071797eb4eb4de9c59a70f9
parent: bf50f1e739414d13259786f1055cb3ea393d0298 (diff)
1 files changed, 12 insertions, 6 deletions
diff --git a/Dockerfile b/Dockerfile
index 552f429..6dacf8d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,11 @@
-FROM haxe:4.3-alpine
-WORKDIR /usr/src/app
+FROM haxe:4.3-alpine3.22
 
 RUN apk add nodejs npm git
 
+USER 0
+RUN addgroup -g 1000 app && adduser -u 1000 -G app -s /bin/sh -D app && mkdir /app
+WORKDIR /app
+
 COPY res ./res
 COPY src ./src
 COPY user ./user
@@ -10,10 +13,13 @@ COPY build-*.hxml ./
 COPY package*.json ./
 COPY default-config.json ./
 
+RUN chown -R app:app /app
+
+USER 1000
 RUN npm ci;
-RUN haxelib install all --always
-RUN haxe build-all.hxml
+RUN haxelib setup /app \
+    && haxelib install all --always && \
+    haxe build-all.hxml
 
-EXPOSE 4200
+ENTRYPOINT [ "npm", "start" ]
 
-CMD npm start
author	Senderman <doletov.fyodor@yandex.ru>	2025-08-04 00:52:01 +0300
committer	GitHub <noreply@github.com>	2025-08-04 00:52:01 +0300
commit	6b97957566fa8a01b7fa37fb735de19ee442c297 (patch)
tree	6e77e700a2bfc959e071797eb4eb4de9c59a70f9
parent	bf50f1e739414d13259786f1055cb3ea393d0298 (diff)