From 341e8a4a0c2392d85ef352bd68489b2e26948681 Mon Sep 17 00:00:00 2001
From: Avgustin Marinov
Date: Mon, 4 Dec 2023 10:52:19 +0200
Subject: [PATCH] Dockerfiles use non-root user (#1497)

Signed-off-by: Marinov Avgustin
---
 hawkbit-runtime/docker/docker_build/Dockerfile | 4 ++++
 hawkbit-runtime/docker/docker_build/Dockerfile-mysql | 4 ++++
 hawkbit-runtime/docker/docker_build/Dockerfile_dev | 4 ++++
 hawkbit-runtime/docker/docker_build/Dockerfile_dev-mysql | 4 ++++
 4 files changed, 16 insertions(+)

diff --git a/hawkbit-runtime/docker/docker_build/Dockerfile b/hawkbit-runtime/docker/docker_build/Dockerfile
index c3f3d0871..b63dd1a27 100644
--- a/hawkbit-runtime/docker/docker_build/Dockerfile
+++ b/hawkbit-runtime/docker/docker_build/Dockerfile
@@ -26,6 +26,10 @@ RUN set -x &&\
 FROM eclipse-temurin:${JAVA_VERSION}-jre-alpine
+RUN addgroup -S hawkbit_group && adduser -D hawkbit -G hawkbit_group
+RUN mkdir -p /artifactrepo && chown -R hawkbit /artifactrepo
+USER hawkbit
+
 ENV BUILD_DIR=/opt/hawkbit_build
 COPY --from=build ${BUILD_DIR}/dependencies/ ./
 COPY --from=build ${BUILD_DIR}/spring-boot-loader/ ./
diff --git a/hawkbit-runtime/docker/docker_build/Dockerfile-mysql b/hawkbit-runtime/docker/docker_build/Dockerfile-mysql
index fb3684985..c9c74a273 100644
--- a/hawkbit-runtime/docker/docker_build/Dockerfile-mysql
+++ b/hawkbit-runtime/docker/docker_build/Dockerfile-mysql
@@ -36,6 +36,10 @@ RUN set -x &&\
 FROM eclipse-temurin:${JAVA_VERSION}-jre-alpine
+RUN addgroup -S hawkbit_group && adduser -D hawkbit -G hawkbit_group
+RUN mkdir -p /artifactrepo && chown -R hawkbit /artifactrepo
+USER hawkbit
+
 ENV BUILD_DIR=/opt/hawkbit_build
 COPY --from=build ${BUILD_DIR}/dependencies/ ./
 COPY --from=build ${BUILD_DIR}/spring-boot-loader/ ./
diff --git a/hawkbit-runtime/docker/docker_build/Dockerfile_dev b/hawkbit-runtime/docker/docker_build/Dockerfile_dev
index 69d9053eb..7223b869b 100644
--- a/hawkbit-runtime/docker/docker_build/Dockerfile_dev
+++ b/hawkbit-runtime/docker/docker_build/Dockerfile_dev
@@ -20,6 +20,10 @@ RUN set -x &&\
 FROM eclipse-temurin:${JAVA_VERSION}-jre-alpine
+RUN addgroup -S hawkbit_group && adduser -D hawkbit -G hawkbit_group
+RUN mkdir -p /artifactrepo && chown -R hawkbit /artifactrepo
+USER hawkbit
+
 ENV BUILD_DIR=/opt/hawkbit_build
 COPY --from=build ${BUILD_DIR}/dependencies/ ./
 COPY --from=build ${BUILD_DIR}/spring-boot-loader/ ./
diff --git a/hawkbit-runtime/docker/docker_build/Dockerfile_dev-mysql b/hawkbit-runtime/docker/docker_build/Dockerfile_dev-mysql
index a8c3e25b9..073dc83c0 100644
--- a/hawkbit-runtime/docker/docker_build/Dockerfile_dev-mysql
+++ b/hawkbit-runtime/docker/docker_build/Dockerfile_dev-mysql
@@ -20,6 +20,10 @@ RUN set -x &&\
 FROM eclipse-temurin:${JAVA_VERSION}-jre-alpine
+RUN addgroup -S hawkbit_group && adduser -D hawkbit -G hawkbit_group
+RUN mkdir -p /artifactrepo && chown -R hawkbit /artifactrepo
+USER hawkbit
+
 ENV BUILD_DIR=/opt/hawkbit_build
 COPY --from=build ${BUILD_DIR}/dependencies/ ./
 COPY --from=build ${BUILD_DIR}/spring-boot-loader/ ./
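Review bot: The added `adduser -D hawkbit -G hawkbit_group` leaves the UID to whatever Alpine assigns, and `USER hawkbit` names the account instead of a number, so a runtime that enforces non-root by UID (Kubernetes `runAsNonRoot`, for example) cannot verify the image, and operators have no stable owner to match on a bind-mounted or pre-existing `/artifactrepo` volume. Pinning the ids and using the numeric form would fix both: `RUN addgroup -S -g 10001 hawkbit_group && adduser -S -D -u 10001 -G hawkbit_group hawkbit` followed by `USER 10001:10001` (10001 is an example value, not taken from the project). `chown -R hawkbit /artifactrepo` also leaves the group as root; on the freshly created, empty directory `chown hawkbit:hawkbit_group /artifactrepo` is sufficient and can share one `RUN` with the account creation. The same three lines are added to Dockerfile, Dockerfile-mysql, Dockerfile_dev and Dockerfile_dev-mysql, so this applies to all four hunks. The final stage continues past each hunk, so whether a later `VOLUME` or `ENTRYPOINT` relies on this ownership is not visible here; volumes written by the earlier root-running image will presumably still be root-owned and need a one-time ownership change on upgrade.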