Spaces:

LokeshEka
/

chart

Sleeping

LokeshEka commited on Jul 21, 2025

Commit

aa60985

verified ·

1 Parent(s): 54e9ed2

Update Dockerfile

Files changed (1) hide show

Dockerfile CHANGED Viewed

@@ -1,29 +1,31 @@
 FROM node:20-slim
-# Create a non-root user 'appuser' with a home directory
 RUN useradd -m -s /bin/bash appuser
 # Set the application directory inside the user's home
-ENV APP_HOME=/home/appuser/app
 WORKDIR ${APP_HOME}
-# Copy package files first for better Docker layer caching
 COPY package*.json ./
-# Install dependencies as root
 RUN npm install
-# Copy the rest of the application source code into the WORKDIR
 COPY . .
-# Create the 'images' directory AND set ownership for the entire app directory.
-# This is the crucial step. We create the directory as root, then give
-# the non-root user ownership of everything.
-RUN mkdir -p ${APP_HOME}/images && \
-    chown -R appuser:appuser ${APP_HOME}
-# Switch to the non-root user
-USER appuser
 EXPOSE 7860
 CMD ["node", "server.js"]

+# Use a specific version for reproducibility
 FROM node:20-slim
+# Create a non-root user 'appuser' and its home directory
 RUN useradd -m -s /bin/bash appuser
+# Switch to the non-root user *early*.
+# All subsequent commands will be run as 'appuser'.
+USER appuser
+# Set the user's home directory as a base
+ENV HOME=/home/appuser
 # Set the application directory inside the user's home
+ENV APP_HOME=${HOME}/app
+# Set the WORKDIR. Since we are 'appuser', this directory will be created and owned by 'appuser'.
 WORKDIR ${APP_HOME}
+# Copy package files. They will be owned by 'appuser' because of the USER command above.
 COPY package*.json ./
+# Run npm install as 'appuser'. It has permission to write to its own WORKDIR.
 RUN npm install
+# Copy the rest of the application code. It will also be owned by 'appuser'.
 COPY . .
+# Expose the port
 EXPOSE 7860
+# Run the server. The process starts as 'appuser' and has full control over the APP_HOME directory.
 CMD ["node", "server.js"]