fix: Add user to docker image. Add sec context to container.

lock-manager/Dockerfile

@@ -3,6 +3,17 @@ FROM node:18.18.2-alpine3.18 AS baseimage
 # Build image
 FROM baseimage AS BUILD
 
+ENV USER=pit
+ENV UID=1001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
 WORKDIR /opt/build
 COPY package.json package-lock.json tsconfig.json ./
 RUN npm ci
@@ -21,5 +32,7 @@ COPY --from=BUILD /opt/build/node_modules/ ./node_modules
 COPY --from=BUILD /opt/build/dist/ ./dist
 COPY migrations/ ./migrations
 
+USER ${USER}:${USER}
+
 CMD ["npm", "run", "migrate_and_start"]
 

lock-manager/deployment/helm/templates/deployment.yaml

@@ -16,6 +16,8 @@ spec:
     spec:
       containers:
         - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}        
           image: "{{ .Values.pod.repository }}:{{ .Values.IMAGE_TAG }}"
           imagePullPolicy: IfNotPresent
           ports:

lock-manager/deployment/helm/values.yaml

@@ -21,4 +21,4 @@ WEB_APP_CONTEXT_ROOT:
 securityContext:
   allowPrivilegeEscalation: false
   runAsNonRoot: true
-  runAsUser: 1000
+  runAsUser: 1001