From 1b972af52c5ca320c37fd6cb74dc5b448c5f69ee Mon Sep 17 00:00:00 2001
From: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Date: Thu, 10 Mar 2022 22:48:22 -0500
Subject: [PATCH] docker: Upgrade base alpine packages, run glider as non-root (#314)
---
 .Dockerfile | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/.Dockerfile b/.Dockerfile
index 90d08f5..83efae1 100644
--- a/.Dockerfile
+++ b/.Dockerfile
@@ -23,7 +23,17 @@ RUN arch="$(apk --print-arch)"; \
 rm /dist -rf
 FROM alpine
-RUN apk add --no-cache ca-certificates
-COPY --from=build-env /app /app
+
 WORKDIR /app
-ENTRYPOINT ["./glider"]
\ No newline at end of file
+COPY --from=build-env /app /app
+
+RUN apk -U upgrade --no-cache \
+ && apk --no-cache add ca-certificates shadow \
+ && groupadd -g 1000 glider \
+ && useradd -r -u 1000 -g glider glider \
+ && apk --no-cache del shadow \
+ && chown -R glider:glider /app \
+ && chmod +x /app/glider
+
+USER glider
+ENTRYPOINT ["./glider"]
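Review bot: The `chown -R glider:glider /app` step in the new RUN makes the glider binary and its directory writable by the same account the process runs as, so a compromised process could replace its own executable; dropping that line and leaving `/app` root-owned keeps the non-root switch meaningful (the `chmod +x /app/glider` already grants execute to the unprivileged user, assuming the copied files are world-readable). The account can also be created with busybox's own tools, `addgroup -S -g 1000 glider && adduser -S -D -H -u 1000 -G glider glider`, which avoids installing and then removing `shadow`. Separately, `FROM alpine` is untagged and `apk -U upgrade` pulls whatever is current at build time, so two builds of this commit can produce different images; pinning the base tag or digest would make the result reproducible and auditable. Deployments that have glider listen on a port below 1024 may need an added capability or sysctl now that `USER glider` is set, which is worth a line in the commit description.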