From 61696a544760fb99070bbf86918f3e2c95105001 Mon Sep 17 00:00:00 2001
From: Jasper Herzberg <jhrzbrg@outlook.com>
Date: Thu, 1 Feb 2024 10:13:47 +0100
Subject: [PATCH] build: use non-root user for API container

---
 apps/api/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/api/Dockerfile b/apps/api/Dockerfile
index e37e5fe6a..c61bf7fc2 100644
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@@ -13,9 +13,9 @@ RUN npm --omit=dev ci
 COPY ./dist/apps/api ./
 
 # Use distroless for maximum security: https://github.com/GoogleContainerTools/distroless
-FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian11
+FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian12:nonroot
 
-COPY --from=builder /app /app
+COPY --chown=nonroot --from=builder /app /app
 WORKDIR /app
 
 ENV PORT=3333