Skip to content

conf(compose & chart): update conf to be rootless#39

Merged
thomasboni merged 1 commit into
mainfrom
rootless
May 7, 2026
Merged

conf(compose & chart): update conf to be rootless#39
thomasboni merged 1 commit into
mainfrom
rootless

Conversation

@thomasboni
Copy link
Copy Markdown
Contributor

@thomasboni thomasboni commented May 7, 2026

No description provided.

@cursor
Copy link
Copy Markdown

cursor Bot commented May 7, 2026
edited
Loading

PR Summary

Medium Risk
Updates runtime user/port assumptions for the backend/worker and enforces non-root security contexts, which can break deployments if clusters/ingress/volumes expect privileged ports or root ownership.

Overview
Bumps the Helm chart/app version to 1.3.6 and updates image tags (frontend v2.34.8, backend/worker v2.40.1).

Switches Helm defaults for front, backend, and worker to run rootless by default by setting container + pod securityContext (runAsNonRoot with explicit UID/GID and fsGroup).

Updates local deployment examples (Docker Compose + Podman) to use a non-privileged backend port (JOBS_LISTEN_PORT=3000), adjusts exposed ports/Traefik routing to target 3000, and changes worker startup to invoke the distroless backend binary via args (no shell wrapper).

Reviewed by Cursor Bugbot for commit e3d9e71. Bugbot is set up for automated code reviews on this repo. Configure here.

@thomasboni thomasboni changed the title conf(compose & chart): update conf to be non-root conf(compose & chart): update conf to be rootless May 7, 2026
cursor[bot]
cursor Bot reviewed May 7, 2026
View reviewed changes
Comment thread podman.yml.example
cursor[bot]
cursor Bot reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 9184147. Configure here.

Comment thread podman.yml.example
@thomasboni thomasboni merged commit 51992c7 into main May 7, 2026
3 checks passed
This was referenced May 12, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thomasboni