From 1f04a5097fd26e846f5242a19276dd18ed6aecd8 Mon Sep 17 00:00:00 2001
From: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
Date: Tue, 4 Jan 2022 13:10:18 +0100
Subject: [PATCH] fix(secu): use non-root container (#254)

* Update Dockerfile

* Update config.json
---
 .socialgouv/config.json | 1 +
 Dockerfile              | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.socialgouv/config.json b/.socialgouv/config.json
index 80d4450c..1795d449 100644
--- a/.socialgouv/config.json
+++ b/.socialgouv/config.json
@@ -4,6 +4,7 @@
   "subdomain": "archifiltre",
   "project": "archifiltre",
   "registry": "ghcr",
+  "containerPort": 3000, 
   "ingress": {
     "annotations": {}
   }
diff --git a/Dockerfile b/Dockerfile
index 03f6093d..4229e93d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,10 @@ RUN apk add automake autoconf libtool dpkg pkgconfig nasm libpng libpng-dev g++
 RUN yarn --frozen-lockfile --prefer-offline && yarn cache clean
 RUN yarn build
 
-FROM ghcr.io/socialgouv/docker/nginx:6.53.2
+FROM ghcr.io/socialgouv/docker/nginx:6.65.0
 
-COPY --from=builder ./public /usr/share/nginx/html
+USER 101
+
+ENV PORT=3000
+
+COPY --from=builder --chown=nginx:nginx ./public /usr/share/nginx/html