From 67e6ab22bf63598588156c2e32ce35bc0f62bc7e Mon Sep 17 00:00:00 2001
From: Tobias Lindberg
Date: Fri, 15 Mar 2024 13:07:53 +0100
Subject: [PATCH] Fix permission issues with Dockerfile nonroot implementation (#274)

---
 Dockerfile | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0ec4ee7..3b3d5c2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # get golang container
-FROM golang:1.22.1
+FROM golang:1.22.1 AS builder

 # get args
 ARG apiVersion=unknown
@@ -21,23 +21,24 @@ RUN CGO_ENABLED=0 go build -ldflags="-w -s -X 'main.apiVersion=${apiVersion}'" -


 # get alpine container
-FROM alpine:3.19.1
+FROM alpine:3.19.1 AS app

-# create nonroot user
-RUN addgroup -S nonroot \
- && adduser -S nonroot -G nonroot
+# create workdir
+WORKDIR /opt/app

-# add ca-certificates
+# add ca-certificates and tzdata
 RUN apk --no-cache add ca-certificates tzdata

-# create workdir
-WORKDIR /root/
+# create nonroot user and group
+RUN addgroup -S nonroot && \
+ adduser -S nonroot -G nonroot && \
+ chown -R nonroot:nonroot .

-# copy binary from first container
-COPY --from=0 /go/src/app .
+# set user to nonroot
+USER nonroot:nonroot

-# set user
-USER nonroot
+# copy binary from builder
+COPY --from=builder --chown=nonroot:nonroot --chmod=544 /go/src/app .

 # expose port 8080
 EXPOSE 8080
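Review bot: In the second hunk the binary ends up owned by the account that runs it (`chown -R nonroot:nonroot .` followed by `COPY --from=builder --chown=nonroot:nonroot --chmod=544 …`), so the service process can chmod and overwrite its own executable and working directory, and mode 544 leaves no execute bit for any other UID a runtime might assign. If the application does not need to write under `/opt/app` (not visible from this hunk), keep the file root-owned and read/execute-only with `COPY --from=builder --chmod=555 /go/src/app .` and drop the `chown -R` from the `RUN` line. Separately, `USER nonroot:nonroot` is a name, which Kubernetes cannot verify against `runAsNonRoot`; creating the account with a fixed id (`adduser -S -u 10001 -G nonroot nonroot`) and declaring `USER 10001` avoids that. The rest of the `app` stage continues past the end of the hunk.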