Run container as non-root (#52)

* Run container as non-root

* Consolidate a few RUN commands to minimize layers that are created during

Author: milancurcic

backend/Docker/Dockerfile

@@ -1,32 +1,35 @@
-#Basic Container
 FROM alpine:latest
 
-#Installing necessary packages
-RUN apk add --no-cache bash bash-doc bash-completion
-RUN apk add --no-cache musl-dev
-RUN apk add --no-cache gfortran
-RUN apk add git
-RUN apk add wget
+# Install system dependencies
+RUN apk add --no-cache \
+    bash \
+    bash-completion \
+    bash-doc \
+    gfortran \
+    git \
+    musl-dev \
+    wget
 
-WORKDIR /fortran
-#Fetching FPM from releases
-RUN wget https://github.com/fortran-lang/fpm/releases/download/v0.6.0/fpm-0.6.0-linux-x86_64 -4 
-RUN mv fpm-0.6.0-linux-x86_64 fpm
-#Setup for FPM 
-RUN chmod u+x fpm
-RUN mkdir playground
-RUN mkdir playground/app 
-RUN mkdir playground/libraries
+# Create a non-root user
+RUN adduser -D fortran
+USER fortran
+WORKDIR /home/fortran
 
-#Fetching libraries
-WORKDIR /fortran/playground/libraries
-#Setting up stdlib
-RUN git clone https://github.com/fortran-lang/stdlib.git
-WORKDIR /fortran/playground/libraries/stdlib
-RUN git checkout stdlib-fpm
-WORKDIR /fortran/playground
-COPY fpm.toml /fortran/playground/fpm.toml
-COPY main.f90 /fortran/playground/app/main.f90
-RUN /fortran/fpm build
+# Set up fpm
+RUN wget https://github.com/fortran-lang/fpm/releases/download/v0.6.0/fpm-0.6.0-linux-x86_64 -4 -O fpm && \
+    chmod u+x fpm
+RUN mkdir playground && \
+    mkdir playground/app && \
+    mkdir playground/libraries
 
+# Fetch libraries
+WORKDIR /home/fortran/playground/libraries
 
+# Set up stdlib
+RUN git clone https://github.com/fortran-lang/stdlib
+WORKDIR /home/fortran/playground/libraries/stdlib
+RUN git checkout stdlib-fpm
+WORKDIR /home/fortran/playground
+COPY fpm.toml /home/fortran/playground/fpm.toml
+COPY main.f90 /home/fortran/playground/app/main.f90
+RUN /home/fortran/fpm build

backend/app.py

@@ -16,7 +16,12 @@
 
 # Starting container
 client = docker.from_env()
-container = client.containers.run("playground-prod", tty=True, detach=True, network_disabled=True)
+container = client.containers.run(
+    "playground-prod",
+    tty=True,
+    detach=True,
+    network_disabled=True
+)
 
 #Converting tutorial YAML
 with open('tutorial.yml', 'r') as file:
@@ -63,11 +68,11 @@ def copy_to(src, dst, container):
 
 # Executing code inside container and getting it's output
 def execute_code_in_container():
-    copy_to('./main.f90', '/fortran/playground/app/main.f90', container)
-    copy_to('./program_input.txt', '/fortran/playground/program_input.txt', container)
-    copy_to('./fpm.toml','/fortran/playground/fpm.toml', container)
-    container.exec_run('sh -c "/fortran/fpm build"')
-    a = container.exec_run('sh -c "cat program_input.txt | timeout 15s /fortran/fpm run"',demux=True)
+    copy_to('./main.f90', '/home/fortran/playground/app/main.f90', container)
+    copy_to('./program_input.txt', '/home/fortran/playground/program_input.txt', container)
+    copy_to('./fpm.toml','/home/fortran/playground/fpm.toml', container)
+    container.exec_run('sh -c "/home/fortran/fpm build"')
+    a = container.exec_run('sh -c "cat program_input.txt | timeout 15s /home/fortran/fpm run"',demux=True)
 
     return a
 
@@ -80,15 +85,12 @@ def run_code():
     edit_file(data["code"], data["programInput"], data["libs"])
     code_result = execute_code_in_container()
     if code_result.output[0] == None:
-        print(code_result.output)
         output = jsonify({"executed": ""})
         if '<ERROR>' in code_result.output[1].decode():
             output = jsonify({"executed" : code_result.output[1].decode()})
 
         return output, 202
     output = jsonify({"executed": code_result.output[0].decode()})
-    print(code_result.output)
-    
 
     return output, 202