Skip to content

Add non-root user to all Docker images#11

Merged
danellecline merged 2 commits into
mainfrom
copilot/add-non-root-user
Apr 24, 2026
Merged

Add non-root user to all Docker images#11
danellecline merged 2 commits into
mainfrom
copilot/add-non-root-user

Conversation

Copilot AI commented Apr 23, 2026

Copy link
Copy Markdown
Contributor

All Docker images ran as root by default. This adds a dedicated appuser (UID/GID 1001) to both Dockerfile and Dockerfile.cuda, with the IDs overridable at build time via ARG.

Changes

  • Both Dockerfiles (final stage)
    • ARG UID=1001 / ARG GID=1001 — overridable via --build-arg
    • groupadd / useradd creates appuser with the specified IDs
    • chown -R appuser:appuser /app /venv — transfers ownership of the app and venv
    • USER ${UID}:${GID} — drops to non-root for runtime; numeric IDs ensure enforcement in Kubernetes without name resolution

Usage

# Default 1001:1001
docker build -t fastapi-vss .

# Custom UID/GID
docker build --build-arg UID=2000 --build-arg GID=2000 -t fastapi-vss .

Copilot AI linked an issue Apr 23, 2026 that may be closed by this pull request
…overridable ARG

Agent-Logs-Url: https://github.com/mbari-org/vss/sessions/81fed97a-54da-4d92-aa46-3c7802b12681

Co-authored-by: danellecline <1424813+danellecline@users.noreply.github.com>
Copilot AI changed the title [WIP] Add non-root user to all Docker images Add non-root user to all Docker images Apr 23, 2026
Copilot AI requested a review from danellecline April 23, 2026 21:30
@danellecline danellecline marked this pull request as ready for review April 24, 2026 00:19
@danellecline danellecline merged commit 6784c22 into main Apr 24, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add non-root user

2 participants