From 33bd83732775edc5e3ffb4bbe94cd9463422249a Mon Sep 17 00:00:00 2001
From: Fyodor Doletov <doletov.fyodor@yandex.ru>
Date: Mon, 4 Aug 2025 00:44:46 +0300
Subject: [PATCH] feat(docker): safer dockerfile

---
 Dockerfile | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 552f429..6dacf8d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,11 @@
-FROM haxe:4.3-alpine
-WORKDIR /usr/src/app
+FROM haxe:4.3-alpine3.22
 
 RUN apk add nodejs npm git
 
+USER 0
+RUN addgroup -g 1000 app && adduser -u 1000 -G app -s /bin/sh -D app && mkdir /app
+WORKDIR /app
+
 COPY res ./res
 COPY src ./src
 COPY user ./user
@@ -10,10 +13,13 @@ COPY build-*.hxml ./
 COPY package*.json ./
 COPY default-config.json ./
 
+RUN chown -R app:app /app
+
+USER 1000
 RUN npm ci;
-RUN haxelib install all --always
-RUN haxe build-all.hxml
+RUN haxelib setup /app \
+    && haxelib install all --always && \
+    haxe build-all.hxml
 
-EXPOSE 4200
+ENTRYPOINT [ "npm", "start" ]
 
-CMD npm start