fix: add .dockerignore and non-root USER to Dockerfile

2026-04-20 20:27:42 +02:00
parent 7ce544a051
commit 3796cfca87
2 changed files with 15 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,10 @@
+.git
+.gitea
+.worktrees
+.DS_Store
+*.log
+.env*
+.vscode
+.idea
+bin/
+brain/
--- a/5
+++ b/5
@@ -29,6 +29,9 @@ COPY --from=builder /out/supervisor /usr/local/bin/supervisor
 # Bake in config (models.yaml + skill discipline files)
 COPY config/ /app/config/

+# Run as non-root
+RUN groupadd -r supervisor && useradd -r -g supervisor -d /app supervisor
+
 WORKDIR /app

 # brain/ is writable state — mount a PersistentVolume here
@@ -40,6 +43,8 @@ ENV SUPERVISOR_BRAIN_DIR=/app/brain
 ENV SUPERVISOR_SESSIONS_DIR=/app/brain/sessions
 ENV SUPERVISOR_PORT=3200

+USER supervisor
+
 EXPOSE 3200

 ENTRYPOINT ["/usr/local/bin/supervisor"]