Improved error handling in github.py and added user to Dockerfile

The error handling code in github.py has been updated to use a safer dictionary access method. The Dockerfile has also been refactored to create a new user and set its permissions, limiting potential security risks.

Dockerfile

@@ -1,6 +1,9 @@
 # Use a lightweight base image with Python and pip installed
 FROM python:3.9-alpine
 
+RUN addgroup -S lastversion \
+    && adduser -S lastversion -G lastversion
+
 # Set the working directory to /app
 WORKDIR /app
 
@@ -11,5 +14,7 @@ COPY setup.py README.md ./
 # Install the application and its dependencies
 RUN pip install -e .
 
+USER lastversion
+
 # Set the entrypoint to the command that runs your application
 ENTRYPOINT ["lastversion"]

src/lastversion/repo_holders/github.py

@@ -344,7 +344,7 @@ def find_in_tags_via_graphql(self, ret, pre_ok, major):
                 log.info("query returned non 200 response code %s", r.status_code)
                 return ret
             j = r.json()
-            if "errors" in j and j["errors"][0]["type"] == "NOT_FOUND":
+            if "errors" in j and j["errors"][0].get("type") == "NOT_FOUND":
                 raise BadProjectError(f"No such project found on GitHub: {self.repo}")
             if not j["data"]["repository"]["tags"]["edges"]:
                 log.info("No tags in GraphQL response: %s", r.text)
@@ -478,7 +478,7 @@ def get_releases_feed_contents(self, rename_checked=False):
             # authorization header may cause a false positive 200 response with an empty feed!
             "Authorization": "",
         }
-        r = self.get(
+        r = super().get(
             f"https://{self.hostname}/{self.repo}/releases.atom", headers=headers
         )
         # API requests are varied by cookie, we don't want serializer for cache fail because of that