Docker entrypoint for running the application as non-root user

dockerfile-alpine

@@ -4,22 +4,25 @@ WORKDIR /app
 
 # split the sqlite install here, so that it can caches the arm prebuilt
 RUN apk add --no-cache --virtual .build-deps make g++ python3 python3-dev git && \
-            ln -s /usr/bin/python3 /usr/bin/python && \
-            npm install mapbox/node-sqlite3#593c9d && \
-            apk del .build-deps && \
-            rm -f /usr/bin/python
+    ln -s /usr/bin/python3 /usr/bin/python && \
+    npm install mapbox/node-sqlite3#593c9d && \
+    apk del .build-deps && \
+    rm -f /usr/bin/python
 
 COPY . .
-RUN npm install --legacy-peer-deps && npm run build && npm prune --production
+RUN npm install --legacy-peer-deps && \
+    npm run build && \
+    npm prune --production && \
+    chmod +x /app/extra/entrypoint.sh
 
 
 FROM node:14-alpine3.12 AS release
 WORKDIR /app
 
-# Install apprise
-RUN apk add --no-cache python3 py3-cryptography py3-pip py3-six py3-yaml py3-click py3-markdown py3-requests py3-requests-oauthlib && \
-            pip3 --no-cache-dir install apprise && \
-            rm -rf /root/.cache
+# Install apprise, iputils for non-root ping, setpriv
+RUN apk add --no-cache iputils setpriv python3 py3-cryptography py3-pip py3-six py3-yaml py3-click py3-markdown py3-requests py3-requests-oauthlib && \
+    pip3 --no-cache-dir install apprise && \
+    rm -rf /root/.cache
 
 # Copy app files from build layer
 COPY --from=build /app /app
@@ -27,6 +30,7 @@ COPY --from=build /app /app
 EXPOSE 3001
 VOLUME ["/app/data"]
 HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD node extra/healthcheck.js
+ENTRYPOINT ["extra/entrypoint.sh"]
 CMD ["node", "server/server.js"]
 
 FROM release AS nightly