@santib santib commented Oct 27, 2025

This commit implements the rootless user functionality for both production and development Docker images with all improvements from PR #837 review:

Changes made:

  • Added rootless user setup using 'rails' username (not 'rails_api_base')
  • Used ARG instead of ENV for USERNAME, USER_UID, and USER_GID build variables
  • Set proper file ownership and permissions (700) for security
  • Added explanatory comment for temporary root switch in jemalloc symlink creation
  • Applied --chown and --chmod flags to all COPY operations

Security improvements:

  • Application now runs as non-root user (UID/GID 1000)
  • Reduced attack surface by limiting privileges
  • Follows Docker security best practices

Files modified:

  • Dockerfile: Added rootless user for production image
  • Dockerfile.dev: Added rootless user for development image

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

@santib santib closed this Oct 27, 2025
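
The pattern the description above lists (build-time `ARG`s, a dedicated `rails` user, `--chown`/`--chmod` on `COPY`, and a short root switch for the jemalloc symlink), sketched as an added example that is not the PR's actual Dockerfile. The base image, package name, `/app` path, symlink path and `CMD` are assumptions chosen for illustration.

```dockerfile
# syntax=docker/dockerfile:1
# Added illustration only: base image, paths and CMD are assumed, not taken from the PR.
FROM ruby:3.3-slim

# ARG rather than ENV: these values exist only while building and are not
# persisted into the environment of containers started from the image.
ARG USERNAME=rails
ARG USER_UID=1000
ARG USER_GID=1000

# Package installation happens while the build is still running as root.
RUN apt-get update \
    && apt-get install --no-install-recommends -y libjemalloc2 \
    && rm -rf /var/lib/apt/lists/*

# Create the unprivileged account and an app directory only it can enter.
RUN groupadd --gid "${USER_GID}" "${USERNAME}" \
    && useradd --uid "${USER_UID}" --gid "${USER_GID}" \
               --create-home --shell /bin/bash "${USERNAME}" \
    && mkdir /app \
    && chown "${USER_UID}:${USER_GID}" /app \
    && chmod 700 /app

WORKDIR /app
USER ${USERNAME}

# COPY writes files as root:root unless told otherwise, even after USER.
# Setting owner and mode at copy time avoids a later recursive chown layer.
COPY --chown=${USER_UID}:${USER_GID} --chmod=700 . .

# Temporary root switch: /usr/local/lib is not writable by the app user,
# so the symlink is created as root and the build drops back immediately.
# (Symlink source/target are assumed paths for a Debian-based image.)
USER root
RUN ln -s "/usr/lib/$(uname -m)-linux-gnu/libjemalloc.so.2" /usr/local/lib/libjemalloc.so
USER ${USERNAME}

# The last USER instruction decides who the container process runs as.
CMD ["bin/rails", "server", "-b", "0.0.0.0"]
```

`COPY --chmod` requires BuildKit. Running `id -u` in a container started from the built image should print `1000`, confirming the final `USER` instruction took effect.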