From 9451d908d813e3d6ae5d0ffb8679453f9f294031 Mon Sep 17 00:00:00 2001
From: DaMandal0rian
Date: Sat, 22 Nov 2025 19:39:10 -0400
Subject: [PATCH 1/3] fix dockerfile and add non-root user
---
 Dockerfile | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index eefa0c1..bd55b5a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,6 +51,17 @@ COPY pyproject.toml ./
 # Create healthcheck file
 RUN touch /app/healthcheck
 
+# Create non-root user with UID 1000 to match Kubernetes securityContext
+# This ensures the application can write to /app/healthcheck at runtime
+RUN groupadd -g 1000 oracle && \
+ useradd -u 1000 -g oracle -s /bin/bash -m oracle
+
+# Change ownership of all /app files to the oracle user
+RUN chown -R oracle:oracle /app
+
+# Switch to non-root user for runtime security
+USER oracle
+
 # Use Tini as entrypoint for proper signal handling
 ENTRYPOINT ["/usr/bin/tini", "--"]
 
From f3165ecbe3e9dc06dd775927076f758036cc1763 Mon Sep 17 00:00:00 2001
From: DaMandal0rian <3614052+DaMandal0rian@users.noreply.github.com>
Date: Sun, 23 Nov 2025 02:43:01 +0300
Subject: [PATCH 2/3] Update Dockerfile fix groupadd command
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index bd55b5a..731ada2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -53,7 +53,7 @@ RUN touch /app/healthcheck
 
 # Create non-root user with UID 1000 to match Kubernetes securityContext
 # This ensures the application can write to /app/healthcheck at runtime
-RUN groupadd -g 1000 oracle && \
+RUN groupadd -f -g 1000 oracle && \
 useradd -u 1000 -g oracle -s /bin/bash -m oracle
 
 # Change ownership of all /app files to the oracle user
From 95dcdaad98779ba3654aca083be2cd61d6b829cf Mon Sep 17 00:00:00 2001
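Review bot: `RUN chown -R oracle:oracle /app` in patch 1/3 gives the runtime user write access to everything under /app, application code included, although the comment above it only asks for /app/healthcheck to be writable. Leaving the tree root-owned and running `chown oracle:oracle /app/healthcheck` would stop a compromised process from rewriting its own code and avoids duplicating the /app layer; this assumes the service only touches the existing file rather than recreating it. `USER oracle` is also better written as `USER 1000:1000`, because Kubernetes `runAsNonRoot: true` cannot verify a non-numeric user taken from the image. Unless the service needs an interactive shell or a home directory, the `-s /bin/bash -m` arguments to `useradd` could be dropped in favour of a non-login shell.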
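Review bot: `groupadd -f -g 1000 oracle` in patch 2/3 hides a GID collision instead of resolving it: with `-f`, groupadd picks another free GID when 1000 is already taken, and exits successfully without changing anything when a group named oracle already exists. The image can then build with oracle in a group other than 1000, which would not match a deployment that sets `runAsGroup` or `fsGroup` to 1000, while `useradd -u 1000` on the next line still fails if the base image already ships a UID 1000 account. Dropping `-f` so the build fails loudly, or asserting afterwards with `test "$(id -g oracle)" = 1000`, keeps the mismatch visible at build time.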
From: DaMandal0rian <3614052+DaMandal0rian@users.noreply.github.com>
Date: Sun, 23 Nov 2025 02:43:14 +0300
Subject: [PATCH 3/3] Update Dockerfile comment
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 731ada2..1c155e4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,7 +51,7 @@ COPY pyproject.toml ./
 # Create healthcheck file
 RUN touch /app/healthcheck
 
-# Create non-root user with UID 1000 to match Kubernetes securityContext
+# Create non-root user with UID 1000 for improved security
 # This ensures the application can write to /app/healthcheck at runtime
 RUN groupadd -f -g 1000 oracle && \
 useradd -u 1000 -g oracle -s /bin/bash -m oracle