From 67c3ee47e480b4924f048c79882db80d799a301e Mon Sep 17 00:00:00 2001
From: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Date: Tue, 20 Apr 2021 21:17:53 -0400
Subject: [PATCH] Support for non-root container Added glider user and group to final image. Support for running Glider container as non-root user. Build image is now pinned to Golang 1.16 to avoid future issues when 1.17 is released.
---
 Dockerfile | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 580415e..a0bbfd2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,25 @@
-# build stage
-FROM golang:alpine AS build-env
-RUN apk --no-cache add build-base git gcc
-ADD . /src
-RUN cd /src && go build -v -ldflags "-s -w"
+# Build Stage
+FROM golang:1.16-alpine AS build-env
 
-# final stage
+ADD . /src
+
+RUN apk --no-cache add build-base git gcc \
+ && cd /src && go build -v -ldflags "-s -w"
+
+# Final Stage
 FROM alpine
-RUN apk -U upgrade --no-cache && \
- apk add --no-cache bind-tools ca-certificates
-WORKDIR /app
+
 COPY --from=build-env /src/glider /app/
+
+RUN apk -U upgrade \
+ && apk add bind-tools ca-certificates shadow \
+ && groupadd -g 1000 glider \
+ && useradd -r -u 1000 -g glider glider \
+ && apk del shadow \
+ && chown -R glider:glider /app
+ && apk -v cache clean
+
+WORKDIR /app
+USER glider
+
 ENTRYPOINT ["./glider"]
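Review bot: The `&& chown -R glider:glider /app` line in the new final-stage RUN has no trailing backslash, so `&& apk -v cache clean` is parsed as a separate instruction and the build should fail; at minimum that line needs to end in ` \`. The change also drops `--no-cache` from both apk calls in favour of `apk -v cache clean`, which as far as I know only works when an apk cache directory is configured, so the index fetched by `apk -U upgrade` would likely stay in the layer. Handing ownership of /app to the runtime user lets a compromised glider process overwrite its own executable; leaving the copied binary root-owned keeps the non-root switch meaningful, provided glider does not need to write into /app. Alpine's busybox `addgroup`/`adduser` would avoid installing and removing `shadow`, and the final `FROM alpine` is still untagged while the build stage is now pinned. A possible shape for the RUN is below.

```dockerfile
COPY --from=build-env /src/glider /app/

# busybox addgroup/adduser: no need to install and remove shadow.
# No chown: the binary stays root-owned so the glider user cannot rewrite it.
RUN apk -U upgrade --no-cache \
    && apk add --no-cache bind-tools ca-certificates \
    && addgroup -S -g 1000 glider \
    && adduser -S -u 1000 -G glider glider

# … unchanged: WORKDIR /app, USER glider, ENTRYPOINT …
```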