creating home directory for bfs user and having production image run as bfs

Author: David Zuckerman

Dockerfile

@@ -4,7 +4,7 @@ USER root
 # Configure users and groups
 RUN groupadd -g 40054 alma && \
     useradd -r -s /sbin/nologin -M -u 40054 -g alma alma && \
-    useradd -u 40061 bfs && \
+    useradd -u 40061 bfs -m && \
     groupadd -g 40061 bfs && \
     usermod -u 40061 -g bfs -G alma -l bfs default && \
     find / -user 1001 -exec chown -h bfs {} \; || true && \
@@ -53,6 +53,8 @@ FROM base AS production
 # COPY --from=development --chown=bfs /opt/app /opt/app
 COPY --from=development --chown=bfs /usr/local/bundle /usr/local/bundle
 
+USER bfs
+
 WORKDIR /opt/app
 RUN bundle config set frozen 'true'
 RUN bundle install --local

docker-compose.yml

@@ -13,8 +13,9 @@ services:
       - ./:/opt/app:rw
       - ./secrets:/run/secrets:ro
     secrets:
-      - source: SSH_KEY 
-        target: /opt/app/.ssh/id_rsa
+      - source: SSH_KEY
+        user: "bfs"
+        target: /home/bfs/.ssh/id_rsa
         uid: "40061"
         gid: "40061"
         mode: 0400