molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity

Merge pull request #1591 from Molecule-AI/fix/canvas-dockerfile-uid-collision

Browse Source 
fix(canvas): unblock publish-canvas-image — drop default node user before uid 1000
This commit is contained in:
Hongming Wang 2026-04-22 10:22:18 -07:00 committed by GitHub
commit a8e4afe863
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
canvas/Dockerfile
View File

@ -21,6 +21,10 @@ EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"
# Non-root runtime — node image defaults to root, explicitly drop.
RUN addgroup -g 1000 canvas && adduser -u 1000 -G canvas -s /bin/sh -D canvas
# node:20-alpine ships with a `node` user at uid/gid 1000; remove it before
# claiming 1000 for `canvas` so `addgroup -g 1000` doesn't collide.
RUN deluser --remove-home node 2>/dev/null || true; \
delgroup node 2>/dev/null || true; \
addgroup -g 1000 canvas && adduser -u 1000 -G canvas -s /bin/sh -D canvas
USER canvas
CMD ["node", "server.js"]