generated from cfpb/open-source-project-template
/
Dockerfile
26 lines (23 loc) · 874 Bytes
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
FROM node:16.20-alpine3.17 as build-stage
WORKDIR /usr/src/app
ARG DOCKER_TAG="latest"
COPY / /usr/src/app
# TODO: CREATE RELEASE TAG -- RUN echo "{ \"version\": \"${DOCKER_TAG}\" }" > ./src/common/constants/release.json
RUN yarn install
RUN yarn build
FROM nginx:1.24-alpine
ENV NGINX_USER=svc_nginx_sbl
RUN apk update; apk upgrade
RUN rm -rf /etc/nginx/conf.d
COPY nginx /etc/nginx
COPY --from=build-stage /usr/src/app/dist /usr/share/nginx/html
# Security Basline - The `sed` was added to meet requirement 17
RUN sed -i '/Faithfully yours/d' /usr/share/nginx/html/50x.html && \
adduser -S $NGINX_USER nginx && \
addgroup -S $NGINX_USER && \
addgroup $NGINX_USER $NGINX_USER && \
touch /run/nginx.pid && \
chown -R $NGINX_USER:$NGINX_USER /etc/nginx /run/nginx.pid /var/cache/nginx/
EXPOSE 8080
USER svc_nginx_sbl
CMD ["nginx", "-g", "daemon off;"]