This commit is contained in:
Leonid Pershin
@@ -22,14 +22,19 @@ RUN dotnet publish -c Release -o /app/publish /p:UseAppHost=false
|
||||
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
|
||||
WORKDIR /app
|
||||
|
||||
# Install PostgreSQL client for healthcheck (optional)
|
||||
RUN apt-get update && apt-get install -y postgresql-client && rm -rf /var/lib/apt/lists/*
|
||||
# Install PostgreSQL client, create user, and prepare directories
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client && rm -rf /var/lib/apt/lists/* \
|
||||
&& groupadd -r appuser && useradd -r -g appuser appuser \
|
||||
&& mkdir -p /app/logs
|
||||
|
||||
# Copy published application
|
||||
# Copy published application (safe: only contains compiled output from dotnet publish)
|
||||
COPY --from=publish /app/publish .
|
||||
|
||||
# Create directory for logs
|
||||
RUN mkdir -p /app/logs && chmod 755 /app/logs
|
||||
# Set ownership after copying files
|
||||
RUN chown -R appuser:appuser /app
|
||||
|
||||
# Switch to non-root user
|
||||
USER appuser
|
||||
|
||||
# Expose ports (if needed for health checks or metrics)
|
||||
EXPOSE 8080
|
||||
|
||||
Reference in New Issue
Block a user