From 43f63ec2b57b4b85d40c056cc9279fac5a2ef85e Mon Sep 17 00:00:00 2001
From: Vishal
Date: Fri, 25 Oct 2024 09:31:08 +0200
Subject: [PATCH] build: use non-root privilege in container
---
 Dockerfile | 17 ++++++++++++-----
 compose.yaml | 4 +---
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e50b3b8..569ffc3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,21 +7,28 @@ FROM python:${PYTHON_VERSION}-slim as base
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
-WORKDIR /app
+RUN groupadd -r modeler && useradd -r -g modeler modeler
+
+ENV HOME=/home/modeler
+
+USER modeler
+
+WORKDIR $HOME
 # Install dependencies
-COPY requirements.txt .
-RUN python -m pip install -r requirements.txt
+COPY --chown=modeler:modeler requirements.txt .
+RUN python -m pip install --user -r requirements.txt
 # Copy the application files
-COPY . .
+COPY --chown=modeler:modeler . .
+# Create folder for saving outputs
 RUN mkdir ./predictions
 RUN mkdir ./model_output
 # Expose the application port
 EXPOSE 5000
-WORKDIR /app/src
+WORKDIR $HOME/src
 CMD ["sh", "-c", "python main.py -t -m knn && python app.py"]
diff --git a/compose.yaml b/compose.yaml
index 090ea42..bb80b2e 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,5 +1,3 @@
-version: '3.8'
-
 volumes:
 traffic-volume:
 name: "traffic-volume"
@@ -13,7 +11,7 @@ services:
 ports:
 - "5000:5000"
 volumes:
- - traffic-volume:/app
+ - traffic-volume:/home/modeler
 container_name: traffic-app
 stdin_open: true
 tty: true
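Review bot: `useradd -r -g modeler modeler` creates a system account without a home directory, so `/home/modeler` only comes into existence through the later `WORKDIR $HOME`, after `USER modeler` is already in effect. Whether that directory ends up owned by modeler or by root appears to depend on the builder in use, and `pip install --user` and both `RUN mkdir` steps need it writable; creating the home explicitly removes that dependency. A fixed numeric ID would also let an orchestrator verify the non-root user and keep file ownership in the mounted volume stable across rebuilds: `RUN groupadd -r -g 10001 modeler && useradd -r -m -u 10001 -g modeler modeler` (10001 is an example value). The build stage starts above this hunk, at the `FROM` line shown in the hunk header.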
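Review bot: Mounting `traffic-volume` on `/home/modeler` in the second compose.yaml hunk places the whole home directory in the persistent volume; after the Dockerfile change in this commit that directory holds the application code and the `pip install --user` packages under `.local` as well as the output folders. A named volume that already has content is not refreshed from a rebuilt image, so stale code and dependencies can mask the new ones, and anything the runtime user writes over the code persists across restarts. A volume previously populated at `/app` by the root-run image would presumably also carry root-owned files that modeler cannot write. Consider limiting the mount to the output directories, for example `- traffic-volume:/home/modeler/predictions` with a second volume for `model_output`, after confirming which paths the application writes to. The service definition begins above this hunk.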