Skip to content

Pin alpine base image and run as non-root user#41

Merged
eswan18 merged 2 commits into
mainfrom
dockerfile-nonroot-pinned-images
Feb 7, 2026
Merged

Pin alpine base image and run as non-root user#41
eswan18 merged 2 commits into
mainfrom
dockerfile-nonroot-pinned-images

Conversation

@eswan18
Copy link
Copy Markdown
Owner

@eswan18 eswan18 commented Feb 7, 2026

Summary

  • Pin runtime base image from alpine:latest to alpine:3.21 for reproducible builds
  • Add non-root appuser in the runtime stage using Alpine's adduser -D syntax
  • Add USER appuser directive before CMD so the container runs as non-root
  • Standardizes this Dockerfile with the fitness-api and fitness-dashboard services

Test plan

  • Build the Docker image locally and verify it completes successfully
  • Run the container and confirm the service starts and responds on port 8080
  • Verify the process runs as appuser (e.g. docker exec <ctr> whoami)
  • Deploy to staging and confirm K8s health probes pass

🤖 Generated with Claude Code

eswan18 and others added 2 commits February 6, 2026 20:24
@eswan18 @claude
Pin alpine base image and run as non-root user
2a7b311 
Standardize identity service Dockerfile with fitness-api and
fitness-dashboard: pin alpine:latest to alpine:3.21 and add a
non-root appuser for the runtime stage.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@eswan18 @claude
Revert Alpine version pin, use latest
d623357 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@eswan18 eswan18 merged commit bd7c72f into main Feb 7, 2026
1 check passed
@eswan18 eswan18 deleted the dockerfile-nonroot-pinned-images branch February 7, 2026 02:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eswan18