diff --git a/server/cinema/.idea/misc.xml b/server/cinema/.idea/misc.xml
index 639900d..6e86672 100644
--- a/server/cinema/.idea/misc.xml
+++ b/server/cinema/.idea/misc.xml
@@ -1,4 +1,3 @@
-
diff --git a/server/cinema/Dockerfile b/server/cinema/Dockerfile
index 97fda37..e81b867 100644
--- a/server/cinema/Dockerfile
+++ b/server/cinema/Dockerfile
@@ -1,13 +1,22 @@
 # Use latest stable channel SDK.
 FROM dart:stable AS build
+# Set user/group IDs (defaults to 1000:1000)
+ARG PUID=1000
+ARG PGID=1000
+
+# Create user and group
+RUN groupadd -g $PGID appgroup && \
+ useradd -u $PUID -g $PGID -m appuser
+
 # Resolve app dependencies.
 WORKDIR /app
 COPY pubspec.* ./
 RUN dart pub get
 # Copy app source code (except anything in .dockerignore) and AOT compile app.
-COPY . .
+COPY --chown=$PUID:$PGID . .
+USER appuser
 RUN dart run build_runner build --delete-conflicting-outputs && \
 APP_VERSION=$(grep 'version:' pubspec.yaml | sed 's/version: //') && \
 dart compile exe bin/server.dart -o bin/server \
@@ -16,10 +25,18 @@ RUN dart run build_runner build --delete-conflicting-outputs && \
 # Build minimal serving image from AOT-compiled `/server`
 # and the pre-built AOT-runtime in the `/runtime/` directory of the base image.
 FROM scratch
+
+# Set user/group IDs (defaults to 1000:1000)
+ARG PUID=1000
+ARG PGID=1000
+
 COPY --from=build /runtime/ /
 COPY --from=build /app/bin/server /app/bin/
 COPY assets /assets
+# Set user for runtime (using numeric IDs since scratch has no users)
+USER $PUID:$PGID
+
 # Start server.
 EXPOSE 3000
 CMD ["/app/bin/server"]
diff --git a/server/cinema/pubspec.lock b/server/cinema/pubspec.lock
index c2a5615..a98af5f 100644
--- a/server/cinema/pubspec.lock
+++ b/server/cinema/pubspec.lock
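Review bot: In the build stage of server/cinema/Dockerfile (first hunk), `USER appuser` comes after `WORKDIR /app`, `COPY pubspec.* ./` and `RUN dart pub get`, so dependency resolution still runs as root. Whatever that step writes (the pub cache and, presumably, `/app/.dart_tool`) is then root-owned when `build_runner` and `dart compile` run as appuser. That looks likely to fail on permissions or force a second resolution, and it leaves the step that downloads third-party packages outside the privilege drop. I would create the directory for the user first (`RUN mkdir /app && chown $PUID:$PGID /app`), move `USER appuser` above `RUN dart pub get`, and use `COPY --chown=$PUID:$PGID pubspec.* ./`. The final `RUN` in this hunk continues past the hunk's last line, so the end of the compile command is not visible here.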
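Review bot: In the runtime stage of server/cinema/Dockerfile (second hunk), `COPY --from=build /app/bin/server /app/bin/` and `COPY assets /assets` carry no `--chown`, so the binary and assets stay owned by root and the process under `USER $PUID:$PGID` can read and execute them but not modify them. That is the safer outcome and deserves a comment so a later edit does not add `--chown` here, for example `# Binary and assets stay root-owned; the runtime user needs read/execute only.` The comment above the `ARG` lines should also say that PUID/PGID are fixed at build time via `--build-arg` and that a different runtime identity needs `docker run --user`, since these names are often expected to work as runtime environment variables. Nothing in the hunk shows whether the server writes to disk; if it does, the target path has to be a volume writable by that UID, because the image as built here appears to offer no directory the numeric user can write to.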
@@ -314,21 +314,13 @@ packages: source: hosted version: "0.7.2" json_annotation: - dependency: "direct main" + dependency: transitive description: name: json_annotation sha256: "1ce844379ca14835a50d2f019a3099f419082cfdd231cd86a142af94dd5c6bb1" url: "https://pub.dev" source: hosted version: "4.9.0" - json_serializable: - dependency: "direct dev" - description: - name: json_serializable - sha256: "33a040668b31b320aafa4822b7b1e177e163fc3c1e835c6750319d4ab23aa6fe" - url: "https://pub.dev" - source: hosted - version: "6.11.1" lints: dependency: "direct dev" description: @@ -497,14 +489,6 @@ packages: url: "https://pub.dev" source: hosted version: "4.0.2" - source_helper: - dependency: transitive - description: - name: source_helper - sha256: "6a3c6cc82073a8797f8c4dc4572146114a39652851c157db37e964d9c7038723" - url: "https://pub.dev" - source: hosted - version: "1.3.8" source_map_stack_trace: dependency: transitive description: