Actor: Enhance Docker security with proper user permissions

- Set proper ownership and permissions for runtime directory. - Switch to non-root user for enhanced security. - Use `--chown` flag in COPY commands to maintain correct file ownership. - Ensure all files and directories are owned by `appuser`. Signed-off-by: Václav Vančura <commit@vancura.dev>
2025-07-30 22:14:37 +00:00 · 2025-01-22 12:01:57 +01:00 · 2025-01-22 12:01:57 +01:00 · 19f612c009
commit 19f612c009
parent ae491b0516
1 changed files with 7 additions and 3 deletions
--- a/.actor/Dockerfile
+++ b/.actor/Dockerfile
@ -14,9 +14,13 @@ RUN npm install -g apify-cli && npm cache clean --force

 WORKDIR /app

-RUN mkdir -p /tmp/runtime-root && chmod 0700 /tmp/runtime-root
+RUN mkdir -p /tmp/runtime-root && \
+    chmod 0700 /tmp/runtime-root && \
+    chown appuser:appuser /tmp/runtime-root

-COPY .actor/ .actor/
-COPY . .
+COPY --chown=appuser:appuser .actor/ .actor/
+COPY --chown=appuser:appuser . .
+
+USER appuser

 ENTRYPOINT [".actor/actor.sh"]