From 19f612c009f6eb796a7f57925d59e6122435c656 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Van=C4=8Dura?=
Date: Wed, 22 Jan 2025 12:01:57 +0100
Subject: [PATCH] Actor: Enhance Docker security with proper user permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Set proper ownership and permissions for runtime directory.
- Switch to non-root user for enhanced security.
- Use `--chown` flag in COPY commands to maintain correct file ownership.
- Ensure all files and directories are owned by `appuser`.

Signed-off-by: Václav Vančura
---
 .actor/Dockerfile | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/.actor/Dockerfile b/.actor/Dockerfile
index 79387300..1d158b28 100644
--- a/.actor/Dockerfile
+++ b/.actor/Dockerfile
@@ -14,9 +14,13 @@ RUN npm install -g apify-cli && npm cache clean --force
 WORKDIR /app
-RUN mkdir -p /tmp/runtime-root && chmod 0700 /tmp/runtime-root
+RUN mkdir -p /tmp/runtime-root && \
+ chmod 0700 /tmp/runtime-root && \
+ chown appuser:appuser /tmp/runtime-root
-COPY .actor/ .actor/
-COPY . .
+COPY --chown=appuser:appuser .actor/ .actor/
+COPY --chown=appuser:appuser . .
+
+USER appuser
 ENTRYPOINT [".actor/actor.sh"]
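Review bot: The two `COPY --chown=appuser:appuser` lines make the whole application tree, including the entrypoint `.actor/actor.sh`, writable by the account the container runs as, so a compromised process could rewrite its own code and start-up script. Dropping to `USER appuser` is the right move, but least privilege is better served by leaving the code root-owned and read-only (`COPY .actor/ .actor/` and `COPY . .` as before) and giving `appuser` ownership only of paths it must write, as the `chown` on `/tmp/runtime-root` already does. If the app does need to write under `/app`, a dedicated writable subdirectory owned by `appuser` would be narrower than owning everything. The creation of `appuser` is not visible in this hunk; presumably it happens above line 14, otherwise the `chown` step fails at build time.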