fix: chown /app directory after user creation
Ensure the /app WORKDIR itself is owned by appuser (not just copied files), preventing runtime failures if the app writes to /app directly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
0xjjjjjj
@@ -31,7 +31,8 @@ FROM base AS runtime
|
||||
|
||||
# Create non-root user before COPY so --chown can reference it.
|
||||
# Using COPY --chown avoids a slow recursive chown on overlay2 (docker/for-linux#388).
|
||||
RUN groupadd --system appgroup && useradd --system --gid appgroup --create-home appuser
|
||||
RUN groupadd --system appgroup && useradd --system --gid appgroup --create-home appuser \
|
||||
&& chown appuser:appgroup /app
|
||||
|
||||
# Copy virtual environment from deps stage
|
||||
COPY --from=deps --chown=appuser:appgroup /app/.venv /app/.venv
|
||||
|
||||
Reference in New Issue
Block a user