From 50f4ab3c6c64db6ae3abc046382f9df0acc3499e Mon Sep 17 00:00:00 2001
From: Janne Mareike Koschinski <janne@kuschku.de>
Date: Fri, 22 Apr 2022 14:47:55 +0200
Subject: [PATCH] run docker image as unprivileged user

---
 Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a456e8f..b11efc3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,7 +27,11 @@ RUN npm run build
 
 FROM alpine:3.15
 WORKDIR /
-COPY --from=go_builder /go/src/app/app /app
+RUN apk --no-cache add imagemagick
+RUN addgroup -g 1000 -S app && \
+    adduser -u 1000 -G app -S app
+COPY --from=go_builder /go/src/app/app /
 COPY templates /templates
-COPY --from=asset_builder /app/assets /assets
+COPY --from=asset_builder /app/assets /
+USER app
 ENTRYPOINT ["/app"]
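Review bot: `COPY --from=asset_builder /app/assets /` no longer names a destination directory, so if `/app/assets` is a directory in the asset_builder stage (not visible in this hunk) its contents are unpacked straight into `/`, alongside the binary and system directories, instead of under `/assets`. Keeping `COPY --from=asset_builder /app/assets /assets` avoids both the path change and any name collision in the root. Separately, `USER app` is a name, and runtimes that enforce a non-root policy (for example Kubernetes `runAsNonRoot`) can only verify a numeric UID, so `USER 1000:1000` would match the IDs created by the `addgroup`/`adduser` lines and be checkable. The copied files stay root-owned, which is the right default for the binary. If the service writes anywhere at runtime, that path will need an explicit `COPY --chown=1000:1000` or a mounted volume, and a short comment saying which would help.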
-- 
GitLab