build: improve non-root user creation in dockerfile

JakobLichterfeld · Mar 16, 2024 · ea32b5b · ea32b5b
1 parent f1ae5b9
commit ea32b5b
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,8 @@
 
 ### Enhancements
 
+- build: improve non-root user creation in dockerfile
+
 ### Bug Fixes
 
 fix: Subscription to teslamate_topic_update_version added

diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
 # Turns off buffering for easier container logging
 ENV PYTHONUNBUFFERED 1
 
-# install the OS build deps
+# Install the application dependencies
 RUN apt-get update && apt-get install -y \
     build-essential \
     libffi-dev \
@@ -17,21 +17,21 @@ RUN apt-get update && apt-get install -y \
     && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 
-# Update pip
+# Upgrade pip
 RUN python -m pip install --upgrade pip
 
-# Copy requirements.txt and install requirements
+# Install the application dependencies
 WORKDIR /requirements
 COPY src/requirements.txt .
 RUN python -m pip install -r requirements.txt
 
-# Copy the rest of the code
+# Copy the application code
 WORKDIR /app
 COPY . /app
 
-# Switching to a non-root user, please refer to https://aka.ms/vscode-docker-python-user-rights
-RUN useradd appuser && chown -R appuser /app
+# Creates a non-root user to run the application and adds permission to access the /app folder
+RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
 USER appuser
 
-# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
+# Run the application
 CMD ["python", "./src/teslamte_telegram_bot.py"]