security(atlasbot): run images as non-root

2026-04-22 00:00:09 -03:00 · 2026-04-22 00:00:09 -03:00 · 48c639e651
commit 48c639e651
parent 7908019fc7
2 changed files with 10 additions and 1 deletions
--- a/4
+++ b/4
@ -11,6 +11,9 @@ COPY pyproject.toml /app/pyproject.toml
 RUN pip install --no-cache-dir --retries 10 -r /app/requirements.txt

 COPY atlasbot /app/atlasbot
+RUN addgroup --system atlasbot && \
+    adduser --system --ingroup atlasbot --home /app atlasbot && \
+    chown -R atlasbot:atlasbot /app

 FROM base AS test
 COPY requirements-dev.txt /app/requirements-dev.txt
@ -21,4 +24,5 @@ COPY scripts /app/scripts

 FROM base AS runtime
 EXPOSE 8090
+USER atlasbot
 CMD ["python", "-m", "atlasbot.main"]
--- a/Dockerfile.base
+++ b/Dockerfile.base
@ -6,4 +6,9 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
 WORKDIR /app
 COPY requirements.txt /app/requirements.txt
 COPY requirements-dev.txt /app/requirements-dev.txt
-RUN pip install --no-cache-dir -r /app/requirements.txt -r /app/requirements-dev.txt
+RUN pip install --no-cache-dir -r /app/requirements.txt -r /app/requirements-dev.txt && \
+    addgroup --system atlasbot && \
+    adduser --system --ingroup atlasbot --home /app atlasbot && \
+    chown -R atlasbot:atlasbot /app
+
+USER atlasbot