docker: change containers to run with non root user

Author: ffreddow

docker/docker-compose.yml

@@ -25,6 +25,7 @@ services:
     restart: no
     container_name: backend-build
     command: cargo build --release
+    user: "${UID:-1000}:${GID:-1000}"
     working_dir: /app
     volumes:
       - ../backend:/app
@@ -35,6 +36,7 @@ services:
     restart: always
     container_name: backend
     command: ./backend
+    user: "${UID:-1000}:${GID:-1000}"
     depends_on:
       postgres:
         condition: service_healthy
@@ -70,12 +72,16 @@ services:
     restart: no
     build:
       dockerfile: wg-webclient-builder/Dockerfile
+    user: "${UID:-1000}:${GID:-1000}"
     volumes:
       - ../wg-webclient:/build
 
   frontend-build:
     build:
       dockerfile: frontend-build/Dockerfile
+      args:
+        USER_ID: ${USER_ID:-1000}
+        GROUP_ID: ${GROUP_ID:-1000}
     restart: no
     command:
       - /bin/sh
@@ -87,6 +93,7 @@ services:
       wg-webclient-builder:
         condition: service_completed_successfully
     working_dir: /build
+    user: "${UID:-1000}:${GID:-1000}"
     environment:
       - IS_SEB=${IS_SEB}
     volumes:

docker/wg-webclient-builder/Dockerfile

@@ -1,6 +1,18 @@
 FROM rust:1-bookworm
 
-RUN apt update && apt install clang -y
-RUN curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
+RUN apt update && apt install -y clang && rm -rf /var/lib/apt/lists/*
+
+ARG USER_ID=1000
+ARG GROUP_ID=1000
+
+RUN addgroup --gid ${GROUP_ID} builder && \
+	adduser --disabled-password --gecos "" \
+			--uid ${USER_ID} --ingroup builder \
+			--shell /bin/sh --home /home/builder --quiet builder
+
+USER builder
+
+RUN cargo install wasm-pack
+
 WORKDIR /build
-CMD wasm-pack build
+CMD ["wasm-pack", "build"]