From 96233c6b13247144548d4981bcb3bc2f044cebf5 Mon Sep 17 00:00:00 2001 From: platipo Date: Fri, 9 Oct 2020 20:23:33 +0200 Subject: [PATCH] Add non-root user for running uwsgi in Dockerfile (#388) * Add non-root user for running uwsgi in Dockerfile * Fix PermissionError due to COPY after chown * Bump flake8 from 3.8.3 to 3.8.4 Bumps [flake8](https://gitlab.com/pycqa/flake8) from 3.8.3 to 3.8.4. - [Release notes](https://gitlab.com/pycqa/flake8/tags) - [Commits](https://gitlab.com/pycqa/flake8/compare/3.8.3...3.8.4) Signed-off-by: dependabot-preview[bot] * Bump pytest from 6.1.0 to 6.1.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.1.0 to 6.1.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.1.0...6.1.1) Signed-off-by: dependabot-preview[bot] * Remove log directory creation (#391) * Remove log directory creation * Remove unused import * Remove rate limiting for now * Fix volume permission overwrite This problem seems to be already known in https://github.com/docker/compose/issues/3270#issuecomment-363478501 * Fix duplicate root mkdir * Disable pytest test caching See https://github.com/pytest-dev/pytest/issues/3557 * Add blank coverage file * Added extra overriding of permissions command in CI config * Added user UID * Clean Dockerfile and revert pytest.ini Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Aaron Suarez Co-authored-by: Abdelrahman Kandil Co-authored-by: Aaron Suarez --- .circleci/config.yml | 1 + Dockerfile | 6 ++++++ pytest.ini | 2 +- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e9fce981..0661491e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -60,6 +60,7 @@ jobs: curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > /usr/local/bin/cc-test-reporter chmod +x /usr/local/bin/cc-test-reporter /usr/local/bin/cc-test-reporter before-build + - run: sudo chown -R 5000 . - run: name: Run tests command: | diff --git a/Dockerfile b/Dockerfile index 854c2b20..2eea6695 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,6 +23,12 @@ RUN poetry install --no-dev --no-interaction --no-ansi COPY . /src +RUN useradd --no-create-home --system -s /bin/false --uid 5000 uwsgi + +RUN chown -R uwsgi /src + EXPOSE 5000 +USER uwsgi + CMD [ "uwsgi", "--ini", "app.ini" ] diff --git a/pytest.ini b/pytest.ini index c1fa8785..1ceab942 100644 --- a/pytest.ini +++ b/pytest.ini @@ -1,2 +1,2 @@ [pytest] -addopts = -p no:warnings \ No newline at end of file +addopts = -p no:warnings
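Review bot: In the .circleci/config.yml hunk, the added step `- run: sudo chown -R 5000 .` hard-codes a UID that only works while it matches `--uid 5000` on the `useradd` line in the Dockerfile, and neither file records that coupling. Give the step a `name:` like the neighbouring "Run tests" step and a comment saying the checkout is being handed to the container's uwsgi user, so that a later change to the UID in one file is not silently missed in the other.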
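Review bot: In the Dockerfile hunk, `RUN chown -R uwsgi /src` makes the entire application tree writable by the account the server runs as once `USER uwsgi` takes effect, so dropping root does not stop a compromised uwsgi process from rewriting its own code. Consider leaving `/src` owned by root and changing ownership only of the paths that have to be written at runtime or during the test run. If the full chown has to stay, moving the `useradd` line above the copy and using `COPY --chown=uwsgi . /src` avoids the extra layer that the separate recursive chown creates.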