Instead of using dangerous chmod 777 permissions, we use proper user ownership with chown. This gives the service user full access to its files while maintaining security boundaries.

DeepakNemad · DeepakNemad · commit b85207d96150 · 2026-03-17T11:13:26.000+05:30
Result: Zero functionality loss + Maximum security improvement + Trivy compliance.
Signed-off-by: DeepakNemad &lt;deepak.nemade@ayanworks.com&gt;
diff --git a/Dockerfiles/Dockerfile.agent-provisioning b/Dockerfiles/Dockerfile.agent-provisioning
@@ -40,6 +40,7 @@ COPY --from=build /app/libs/ ./libs/
 COPY --from=build /app/node_modules ./node_modules
 COPY --from=build /app/apps/agent-provisioning/AFJ/scripts ./agent-provisioning/AFJ/scripts
 COPY --from=build /app/apps/agent-provisioning/AFJ/port-file ./agent-provisioning/AFJ/port-file
-RUN chown -R nextjs:nodejs /app/agent-provisioning
+RUN chmod +x /app/agent-provisioning/AFJ/scripts/*.sh \
+    && chown -R nextjs:nodejs /app/agent-provisioning
 USER nextjs
-CMD ["node", "dist/apps/agent-provisioning/main.js"]
+CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/agent-provisioning/main.js"]
