From 5dc0fe897865406baedd01ea71baccdcd4468102 Mon Sep 17 00:00:00 2001
From: Aurora <5505558+duggalsu@users.noreply.github.com>
Date: Tue, 5 Sep 2023 16:43:21 +0530
Subject: [PATCH] Harden dockerfile
- Updated node alpine image version with explicit digest
- Optimized node tooling for production
- Changed ownership of copied files
- Updated .dockerignore
---
 browser-extension/api-server/.dockerignore | 7 ++++++-
 browser-extension/api-server/Dockerfile | 7 ++++---
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/browser-extension/api-server/.dockerignore b/browser-extension/api-server/.dockerignore
index 5171c540..62f74280 100644
--- a/browser-extension/api-server/.dockerignore
+++ b/browser-extension/api-server/.dockerignore
@@ -1,2 +1,7 @@
+.dockerignore
 node_modules
-npm-debug.log
\ No newline at end of file
+npm-debug.log
+Dockerfile
+.git
+.gitignore
+.npmrc
\ No newline at end of file
diff --git a/browser-extension/api-server/Dockerfile b/browser-extension/api-server/Dockerfile
index 3d00cd2b..7370e16c 100644
--- a/browser-extension/api-server/Dockerfile
+++ b/browser-extension/api-server/Dockerfile
@@ -1,12 +1,13 @@
-FROM node:16-alpine
+FROM node:18.17.1-alpine3.18@sha256:3482a20c97e401b56ac50ba8920cc7b5b2022bfc6aa7d4e4c231755770cf892f
+ENV NODE_ENV production
 WORKDIR /app
-COPY package.json /app/package.json
+COPY --chown=node:node package.json /app/package.json
 RUN cd /app
 RUN npm install --ignore-scripts
 RUN npm install sequelize-cli --ignore-scripts
 RUN npm install -g nodemon --ignore-scripts
-COPY ./entrypoint.sh /
+COPY --chown=node:node ./entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 USER node
 ENTRYPOINT ["/entrypoint.sh"]
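Review bot: The two added `--chown=node:node` flags make `package.json` and `/entrypoint.sh` owned, and therefore writable, by the same `node` account that `USER node` runs the container as, which weakens least privilege: the runtime user can now modify the script that `ENTRYPOINT` executes on every start. Since `WORKDIR /app` and the `npm install` steps still run as root, `/app` and `node_modules` stay root-owned, so the chown brings no consistency benefit either. I would keep both files root-owned and set the mode at copy time, `COPY --chmod=0755 ./entrypoint.sh /` (needs BuildKit), which also makes the separate `RUN chmod +x /entrypoint.sh` layer unnecessary, and leave `COPY package.json /app/package.json` as it was. Separately, the digest pin fixes the base image but `npm install` still resolves dependency versions at build time; if the project has a `package-lock.json`, copying it and using `npm ci --ignore-scripts` would pin those as well.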