From ebfab6f7f43e053ffc032b15409f93e20f300193 Mon Sep 17 00:00:00 2001
From: Jim O'Donnell <james.odonnell@dtc.ox.ac.uk>
Date: Thu, 5 Dec 2024 10:19:52 +0000
Subject: [PATCH] build: run the production apps as the node user

In the production image, change the owner and group of all the app files to `node:node`, then run the Next.js apps as `node`.
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 7290d997a5..6081ffc78f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -64,6 +64,10 @@ RUN mkdir -p /usr/src
 
 WORKDIR /usr/src/
 
+RUN chown -R node:node .
+
+USER node
+
 COPY --from=builder /usr/src/package.json /usr/src/package.json
 
 COPY --from=builder /usr/src/.yarn /usr/src/.yarn