knative · prushh · Dec 11, 2023 · Dec 11, 2023 · Dec 11, 2023 · Dec 11, 2023
diff --git a/code-samples/serving/cloudevents/cloudevents-dotnet/Dockerfile b/code-samples/serving/cloudevents/cloudevents-dotnet/Dockerfile
@@ -25,6 +25,21 @@ RUN dotnet publish -c Release -o out
 
 # Build runtime image
 FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-alpine
-WORKDIR /app
+
+ARG USER=appuser
+ARG USER_UID=1001
+ARG USER_GID=$USER_UID
+
+# Create and change to the app directory.
+WORKDIR "/home/${USER}/app"
+
+# Add a user so the server will run as a non-root user.
+RUN addgroup -g $USER_GID $USER && \
+ adduser -u $USER_UID -G $USER -D $USER
+
 COPY --from=build-env /app/out .
+
+# Set the non-root user as current.
+USER $USER
+
 ENTRYPOINT ["dotnet", "CloudEventsSample.dll"]
diff --git a/code-samples/serving/cloudevents/cloudevents-go/Dockerfile b/code-samples/serving/cloudevents/cloudevents-go/Dockerfile
@@ -25,10 +25,24 @@ RUN go mod download
 # https://hub.docker.com/_/alpine
 # https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds
 FROM alpine:3
-RUN apk add --no-cache ca-certificates
+
+ARG USER=appuser
+ARG USER_UID=1001
+ARG USER_GID=$USER_UID
+
+# Create and change to the app directory.
+WORKDIR "/home/${USER}/app"
+
+# Add a user so the server will run as a non-root user.
+RUN addgroup -g $USER_GID $USER && \
+ adduser -u $USER_UID -G $USER -D $USER && \
+ apk add --no-cache ca-certificates
 
 # Copy the binary to the production image from the builder stage.
-COPY --from=builder /app/server /server
+COPY --from=builder /app/server ./server
+
+# Set the non-root user as current.
+USER $USER
 
 # Run the web service on container startup.
-CMD ["/server"]
+CMD ["./server"]
diff --git a/code-samples/serving/cloudevents/cloudevents-go/README.md b/code-samples/serving/cloudevents/cloudevents-go/README.md
@@ -31,7 +31,7 @@ cd knative-docs/code-samples/serving/cloudevents/cloudevents-go
 - [Docker](https://www.docker.com) installed and running on your local machine,
  and a Docker Hub account configured (we'll use it for a container registry).
 
-## The sample code.
+## The sample code
 
 1. If you look in `cloudevents.go`, you will see two key functions for the different modes of operation:
 
@@ -49,45 +49,55 @@ cd knative-docs/code-samples/serving/cloudevents/cloudevents-go
 
 2. Choose how you would like to build the application:
 
- ### Dockerfile
+### Dockerfile
+
+- If you look in `Dockerfile`, you will see a method for pulling in the dependencies and building a small Go container based on Alpine. You can build and push this to your registry of choice via:
 
- * If you look in `Dockerfile`, you will see a method for pulling in the dependencies and building a small Go container based on Alpine. You can build and push this to your registry of choice via:
 ```bash
 # Build and push the container on your local machine.
 docker buildx build --platform linux/arm64,linux/amd64 -t "<image>" --push .
 ```
 
- ### ko
+### ko
+
+- You can use [`ko`](https://github.com/google/ko) to build and push just the image with:
 
- * You can use [`ko`](https://github.com/google/ko) to build and push just the image with:
 ```bash
 ko publish github.com/knative/docs/code-samples/serving/cloudevents/cloudevents-go
 ```
- However, if you use `ko` for the next step, this is not necessary.
 
+However, if you use `ko` for the next step, this is not necessary.
 
 3. Choose how you would like to deploy the application:
 
- ### yaml (with Dockerfile)
- * If you look in `service.yaml`, take the `<image>` name you used earlier and insert it into the `image:` field, then run:
+### yaml (with Dockerfile)
+
+- If you look in `service.yaml`, take the `<image>` name you used earlier and insert it into the `image:` field, then run:
+
 ```bash
 kubectl apply -f service.yaml
 ```
 
- ### yaml (with ko)
- * If using `ko` to build and push:
+### yaml (with ko)
+
+- If using `ko` to build and push:
+
 ```bash
 ko apply -f service.yaml
 ```
 
- ### kn (with Dockerfile)
- * If using `kn` to deploy:
+### kn (with Dockerfile)
+
+- If using `kn` to deploy:
+
 ```bash
 kn service create cloudevents-go --image=<IMAGE>
 ```
 
- ### kn (with ko)
- * You can compose `kn` and `ko` to build and deploy with a single step using:
+### kn (with ko)
+
+- You can compose `kn` and `ko` to build and deploy with a single step using:
+
 ```bash
 kn service create cloudevents-go --image=$(ko publish github.com/knative/docs/code-samples/serving/cloudevents/cloudevents-go)
 ```

diff --git a/code-samples/serving/cloudevents/cloudevents-nodejs/Dockerfile b/code-samples/serving/cloudevents/cloudevents-nodejs/Dockerfile
@@ -12,27 +12,42 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM registry.access.redhat.com/ubi8/nodejs-12
+FROM node:20-alpine as builder
 
 # Copy application dependency manifests to the container image.
 # A wildcard is used to ensure both package.json AND package-lock.json are copied.
 # Copying this separately prevents re-running npm install on every code change.
 COPY package*.json ./
+COPY index.js ./
 
 # Use ci is faster and more reliable following package-lock.json
 RUN npm ci --only=production
 
+FROM node:20-alpine
+
+ARG USER=appuser
+ARG USER_UID=1001
+ARG USER_GID=$USER_UID
+ARG ENV=production
+
 # Doc port listening port
-ENV PORT 8080
+ENV PORT=8080
+ENV NODE_ENV=$ENV
 
-EXPOSE $PORT
+# Create and change to the app directory.
+WORKDIR "/home/${USER}/app"
 
-ARG ENV=production
+# Add a user so the server will run as a non-root user.
+RUN addgroup -g $USER_GID $USER && \
+ adduser -u $USER_UID -G $USER -D $USER
 
-ENV NODE_ENV $ENV
+COPY --from=builder index.js ./
+COPY --from=builder package*.json ./
+COPY --from=builder node_modules ./node_modules
+
+EXPOSE $PORT
+
+USER $USER
 
 # Run the web service on container startup.
 CMD npm run $NODE_ENV
-
-# Copy local code to the container image.
-COPY . ./
diff --git a/code-samples/serving/cloudevents/cloudevents-nodejs/README.md b/code-samples/serving/cloudevents/cloudevents-nodejs/README.md
@@ -60,11 +60,11 @@ You can build and push this to your registry of choice via:
 
 ### yaml
 
- To deploy the Knative service, edit the `service.yaml` file and replace `<registry/repository/image:tag>` with the image you have just created.
+To deploy the Knative service, edit the `service.yaml` file and replace `<registry/repository/image:tag>` with the image you have just created.
 
- ```bash
- kubectl apply -f service.yaml
- ```
+```bash
+kubectl apply -f service.yaml
+```
 
 ### kn
 

diff --git a/code-samples/serving/cloudevents/cloudevents-nodejs/index.js b/code-samples/serving/cloudevents/cloudevents-nodejs/index.js
@@ -50,7 +50,7 @@ const receiveAndSend = (cloudEvent, res) => {
  console.log(`Sent event: ${JSON.stringify(ce, null, 2)}`)
  console.log(`K_SINK responded: ${JSON.stringify({ status: responseSink.status, headers: responseSink.headers, data: responseSink.data }, null, 2)}`)
  })
- .catch(console.error)
+  .catch(console.error)
 }
 
 // receiveAndReply responds with new event