feat: allow images to run as non-root user

src/Admin/Dockerfile

@@ -1,21 +1,102 @@
-FROM mcr.microsoft.com/dotnet/aspnet:8.0
+###############################################
+#                 Build stage                 #
+###############################################
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+ARG GIT_COMMIT
 
+# Docker buildx supplies the value for this arg
+ARG TARGETPLATFORM
+
+# Determine proper runtime value for .NET
+RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
+    RID=linux-x64 ; \
+    elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
+    RID=linux-arm64 ; \
+    elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
+    RID=linux-arm ; \
+    fi \
+    && echo "RID=$RID" > /tmp/rid.txt
+
+# Copy csproj files as distinct layers
+WORKDIR /source
+COPY src/Admin/*.csproj ./src/Admin/
+COPY src/Core/*.csproj ./src/Core/
+COPY src/Infrastructure.Dapper/*.csproj ./src/Infrastructure.Dapper/
+COPY src/Infrastructure.EntityFramework/*.csproj ./src/Infrastructure.EntityFramework/
+COPY src/SharedWeb/*.csproj ./src/SharedWeb/
+COPY util/Migrator/*.csproj ./util/Migrator/
+COPY util/MySqlMigrations/*.csproj ./util/MySqlMigrations/
+COPY util/PostgresMigrations/*.csproj ./util/PostgresMigrations/
+COPY util/SqliteMigrations/*.csproj ./util/SqliteMigrations/
+COPY bitwarden_license/src/Commercial.Core/*.csproj ./bitwarden_license/src/Commercial.Core/
+COPY bitwarden_license/src/Commercial.Infrastructure.EntityFramework/*.csproj ./bitwarden_license/src/Commercial.Infrastructure.EntityFramework/
+COPY Directory.Build.props .
+
+# Set up Node
+ARG NODE_VERSION=20
+RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - \
+    && apt-get update \
+    && apt-get install -y nodejs \
+    && npm install -g npm@latest && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copying package.json, package-lock.json, and packages.lock.json
+WORKDIR /source/src/Admin
+COPY src/Admin/package*.json .
+RUN npm ci
+
+# Restore project dependencies and tools
+RUN . /tmp/rid.txt && dotnet restore -r $RID
+
+# Copy required project files
+WORKDIR /source
+COPY src/Admin/. ./src/Admin/
+COPY src/Core/. ./src/Core/
+COPY src/Infrastructure.Dapper/. ./src/Infrastructure.Dapper/
+COPY src/Infrastructure.EntityFramework/. ./src/Infrastructure.EntityFramework/
+COPY src/SharedWeb/. ./src/SharedWeb/
+COPY util/Migrator/. ./util/Migrator/
+COPY util/MySqlMigrations/. ./util/MySqlMigrations/
+COPY util/PostgresMigrations/. ./util/PostgresMigrations/
+COPY util/SqliteMigrations/. ./util/SqliteMigrations/
+COPY util/EfShared/. ./util/EfShared/
+COPY bitwarden_license/src/Commercial.Core/. ./bitwarden_license/src/Commercial.Core/
+COPY bitwarden_license/src/Commercial.Infrastructure.EntityFramework/. ./bitwarden_license/src/Commercial.Infrastructure.EntityFramework/
+COPY .git/. ./.git/
+COPY .editorconfig /source
+
+# Build project
+WORKDIR /source/src/Admin
+RUN npm run build
+RUN . /tmp/rid.txt && dotnet publish \
+    --self-contained \
+    /p:PublishSingleFile=true \
+    /p:SourceRevisionId="$GIT_COMMIT" \
+    -r $RID \
+    -o out
+
+###############################################
+#                  App stage                  #
+###############################################
+FROM mcr.microsoft.com/dotnet/aspnet:8.0
 LABEL com.bitwarden.product="bitwarden"
+EXPOSE 5000
+
+ENV ASPNETCORE_URLS=http://+:5000
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
     gosu \
     curl \
-    krb5-user \    
     && rm -rf /var/lib/apt/lists/*
 
-ENV ASPNETCORE_URLS http://+:5000
-WORKDIR /app
-EXPOSE 5000
-COPY obj/build-output/publish .
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
+ENV ASPNETCORE_URLS=http://+:5000
 
-HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
+# Copy app from the build stage
+WORKDIR /app
+COPY --from=build /source/src/Admin/out /app
+COPY ./src/Admin/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
 
 ENTRYPOINT ["/entrypoint.sh"]