From 3fd152acf8ca82e7988019013ffcc3e9cc80daf9 Mon Sep 17 00:00:00 2001
From: Tobias Lindberg
Date: Fri, 15 Mar 2024 12:38:19 +0100
Subject: [PATCH] fix permission issues with Dockerfile nonroot implementation
---
 Dockerfile | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b1a556c..17e687d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # get golang container
-FROM golang:1.22.1
+FROM golang:1.22.1 AS builder
 
 # get args
 ARG TibiaDataBuildBuilder=dockerfile
@@ -23,23 +23,24 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags="-w -s -X '
 
 
 # get alpine container
-FROM alpine:3.19.1
+FROM alpine:3.19.1 AS app
 
-# create nonroot user
-RUN addgroup -S nonroot \
- && adduser -S nonroot -G nonroot
+# create workdir
+WORKDIR /opt/app
 
-# add ca-certificates
+# add ca-certificates and tzdata
 RUN apk --no-cache add ca-certificates tzdata
 
-# create workdir
-WORKDIR /root/
+# create nonroot user and group
+RUN addgroup -S nonroot && \
+ adduser -S nonroot -G nonroot && \
+ chown -R nonroot:nonroot .
 
-# copy binary from first container
-COPY --from=0 /go/src/app .
+# set user to nonroot
+USER nonroot:nonroot
 
-# set user
-USER nonroot
+# copy binary from builder
+COPY --from=builder --chown=nonroot:nonroot --chmod=544 /go/src/app .
 
 # expose port 8080
 EXPOSE 8080
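Review bot: In the second hunk, the final `COPY --chown=nonroot:nonroot --chmod=544` and the `chown -R nonroot:nonroot .` on `/opt/app` leave both the executable and its directory owned by the account the service runs as. The `544` mode therefore does not protect the binary, because its owner can chmod it back or replace the file in a directory it owns. Unless the service really has to write into its working directory, I would drop the `chown -R` and copy the binary root-owned and world-executable, `COPY --from=builder --chmod=555 /go/src/app .`, so a compromised process cannot modify the code it runs. If it does need a writable location, a dedicated subdirectory owned by `nonroot` keeps that separate from the executable. The rest of the stage, including the entrypoint, lies outside the hunk, so whether the service writes to `/opt/app` is not visible here.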