modify dockerfile.dev and compose.yaml #4777

Open
mjacquot1 wants to merge 1 commit into wevote:develop from mjacquot1:wv_4286_nonroot_user_named_volume_multi_stage_build

@mjacquot1
Contributor

What github.com/wevote/WebApp/issues does this fix?

Epic: https://wevoteusa.atlassian.net/browse/WV-4285
Child: https://wevoteusa.atlassian.net/browse/WV-4286

Changes included in this pull request?

  • Run containers as a non-root user. This reduces the potential impact of any malicious scripts by limiting system-level access.
  • Use a named volume for node_modules. This prevents leftover or “dangling” dependencies from persisting across builds and causing inconsistencies. (Addendum: anonymous volumes persist after docker compose down, and on relaunching the container a new volume is created. This leaves a dangling volume of ~750 MB.)
  • Adopt multi-stage Docker builds. Dependencies will be installed during the image build process rather than at runtime, ensuring a more controlled and reproducible environment.

@DaleMcGrew DaleMcGrew requested a review from josephevans April 13, 2026 14:56
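
An added example, not part of the pull request or the WebApp repository: a small Python check a reviewer could run over a Dockerfile and compose file to confirm the three properties the description lists (multi-stage build, non-root final stage, named rather than anonymous node_modules volume). The sample file contents, the `/app` path, the `node:20` tag and all function names are constructed for illustration, and only short-syntax volume entries are handled.

```python
import re

def final_stage_user(dockerfile):
    """Return (stage count, USER in effect at the end of the last stage, or None)."""
    users, last, count = {}, None, 0  # users: stage name -> USER in effect
    for raw in dockerfile.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        args = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform=...
        if parts[0].upper() == "FROM" and args:
            count += 1
            last = args[2].lower() if len(args) >= 3 and args[1].upper() == "AS" else str(count - 1)
            users[last] = users.get(args[0].lower())  # FROM <earlier stage> inherits its USER
        elif parts[0].upper() == "USER" and args and last is not None:
            users[last] = args[0]
    return count, users.get(last)

def runs_as_root(user):
    # Assumption: a stage that never sets USER keeps the base image default, treated as root.
    return user is None or user.split(":")[0] in ("root", "0")

def node_modules_mounts(compose):
    """Classify short-syntax volume entries that mention node_modules."""
    found = []
    for line in compose.splitlines():
        m = re.match(r"""\s*-\s*['"]?([^'"\s#]+)""", line)
        if not m or "node_modules" not in m.group(1) or "=" in m.group(1):
            continue  # not a list item, not about node_modules, or an env entry
        fields = m.group(1).split(":")
        if len(fields) == 1:
            kind = "anonymous"  # recreated on each launch, old copy left dangling
        else:
            kind = "bind" if fields[0].startswith((".", "/", "~")) else "named"
        found.append(kind)
    return found

# Constructed samples (not the project's files): before and after the described change.
BEFORE_DF = 'FROM node:20\nWORKDIR /app\nCOPY . .\nCMD ["sh", "-c", "npm install && npm start"]\n'
AFTER_DF = ("FROM node:20 AS deps\nWORKDIR /app\nCOPY package*.json ./\nRUN npm ci\n"
            "FROM deps AS dev\nCOPY --chown=node:node . .\nUSER node\nCMD [\"npm\", \"start\"]\n")
BEFORE_YML = "services:\n  web:\n    volumes:\n      - ./:/app\n      - /app/node_modules\n"
AFTER_YML = ("services:\n  web:\n    volumes:\n      - ./:/app\n"
             "      - node_modules:/app/node_modules\nvolumes:\n  node_modules:\n")

if __name__ == "__main__":
    for name, df, yml in (("before", BEFORE_DF, BEFORE_YML), ("after", AFTER_DF, AFTER_YML)):
        stages, user = final_stage_user(df)
        print(name, "stages:", stages, "root:", runs_as_root(user), "mounts:", node_modules_mounts(yml))
```

The check tracks USER per stage because a stage built `FROM` an earlier stage inherits that stage's user, so a `USER` line in a builder stage that the final stage does not derive from does nothing for the running container.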