From 55050d6b33c8aecbb8698e5ab01ce9fd6954bc38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= <emiliano.sune@gmail.com>
Date: Mon, 21 Oct 2024 16:08:30 -0700
Subject: [PATCH] Fix permissions in service image, added .dockerignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Emiliano Suñé <emiliano.sune@gmail.com>
---
 .dockerignore     |  4 ++++
 docker/Dockerfile | 11 ++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..17a5bb7
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+.devcontainer
+.github
+.vscode
+docker
\ No newline at end of file
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9ea7de8..e5b1ab6 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,7 +1,14 @@
-FROM python:3.12
+FROM python:3.12-slim
+
+# Create unprivileged user and group for service
+RUN addgroup vcservice
+RUN useradd -g vcservice vcservice
 
 WORKDIR /app
 
+# make user owner of app folder
+RUN chown -R vcservice:vcservice /app
+
 RUN pip install --no-cache-dir --upgrade pip
 RUN pip install poetry
 
@@ -12,4 +19,6 @@ RUN poetry install --no-root --only main
 
 COPY ../ ./
 
+USER vcservice
+
 CMD ["fastapi", "run", "main.py", "--port", "8080", "--proxy-headers"]
\ No newline at end of file