From d06ee9962b2adbdc72517747c0279af99857d8b8 Mon Sep 17 00:00:00 2001
From: Douglas Gardner <douglas.gardner@digital.homeoffice.gov.uk>
Date: Tue, 12 Mar 2019 13:31:58 +0000
Subject: [PATCH 1/2] Remove usage data config from Dockerfile

This commit removes configuration steps rendered superfluous by changes
introduced in 919e98e74b484b41a4967858ae853bdd16b89e5a.
---
 .dockerignore | 1 -
 Dockerfile    | 3 ---
 2 files changed, 4 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index 144e527cd9..3c3629e647 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1 @@
 node_modules
-usage-data-config.json
diff --git a/Dockerfile b/Dockerfile
index fff3a796cd..4a0843a2eb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,10 +3,7 @@ FROM node:8.12-alpine
 ADD . /app
 WORKDIR /app
 
-ARG COLLECT_USAGE_DATA=true
-
 RUN npm install
-RUN echo "{\"collectUsageData\": $COLLECT_USAGE_DATA}" > usage-data-config.json
 
 EXPOSE 3000
 CMD ["npm", "start"]

From b3846eb86461ccaa94308153dcb34ac7eb657000 Mon Sep 17 00:00:00 2001
From: Douglas Gardner <douglas.gardner@digital.homeoffice.gov.uk>
Date: Tue, 12 Mar 2019 13:43:04 +0000
Subject: [PATCH 2/2] Add explicit user group to Dockerfile

Due to kubernetes@445393fdcefa6d0354b7ce32a2304a7765fbd305 one must use
numeric user groups if you want to run a container as non-root on
Kubernetes.

This commit ensures the container runs as a non-root user with an
explicit numeric ID, so that it can run on a Kubernetes cluster that
forces MustRunAsNonRoot.
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 4a0843a2eb..78337f9ae5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,9 @@ FROM node:8.12-alpine
 ADD . /app
 WORKDIR /app
 
-RUN npm install
+RUN npm install --production
+
+RUN adduser -D -g nodejs -u 1002 nodejs && chown -R nodejs:nodejs .
 
 EXPOSE 3000
 CMD ["npm", "start"]