Create rootless Dockerfile

.github/workflows/lint.yml

@@ -14,6 +14,14 @@ permissions:
   contents: write
 
 jobs:
+  docker-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: hadolint/hadolint-action@v3
+        with:
+          verbose: true
   lint:
     runs-on: ubuntu-latest
     steps:

Dockerfile

@@ -1,2 +1,17 @@
-FROM node:20.12.2-alpine3.19 AS base
-RUN wget -qO- https://get.pnpm.io/install.sh | ENV="$HOME/.shrc" SHELL="$(which sh)" sh -
+FROM node:20.12.2-alpine3.19
+
+USER 0:0
+
+RUN npm install -g pnpm \
+    && addgroup -g 1001 mermaid \
+    && adduser -u 1001 -G mermaid -h /home/mermaid -D mermaid \
+    && mkdir -p /workspaces/mermaid \
+    && chown mermaid:mermaid /workspaces/mermaid
+
+ENV NODE_OPTIONS="--max_old_space_size=8192"
+
+USER 1000:1000
+
+WORKDIR /workspaces/mermaid
+
+EXPOSE 9000 3333

docker-compose.yml

@@ -5,16 +5,13 @@ services:
       dockerfile: Dockerfile
     stdin_open: true
     tty: true
-    working_dir: /mermaid
+    working_dir: /workspaces/mermaid
     mem_limit: '8G'
-    entrypoint: ./docker-entrypoint.sh
-    environment:
-      - NODE_OPTIONS=--max_old_space_size=8192
     volumes:
-      - ./:/mermaid
-      - root_cache:/root/.cache
-      - root_local:/root/.local
-      - root_npm:/root/.npm
+      - ./:/workspaces/mermaid
+      - user_cache:/home/mermaid/.cache
+      - user_local:/home/mermaid/.local
+      - user_npm:/home/mermaid/.npm
       - /tmp:/tmp
     ports:
       - 9000:9000
@@ -23,17 +20,17 @@ services:
     image: cypress/included:13.7.3
     stdin_open: true
     tty: true
-    working_dir: /mermaid
+    working_dir: /workspaces/mermaid
     mem_limit: '2G'
     entrypoint: cypress
     environment:
       - DISPLAY
     volumes:
-      - ./:/mermaid
+      - ./:/workspaces/mermaid
       - /tmp/.X11-unix:/tmp/.X11-unix
     network_mode: host
 
 volumes:
-  root_cache:
-  root_local:
-  root_npm:
+  user_cache:
+  user_local:
+  user_npm: