Currently the container images is running as root user as follows.
And it is recommended to run as non-root user for the security purpose.

In fact, following log will be seen at the startup time of Spring Boot.
```text
2022-10-20 17:32:02.045  INFO 1 --- [           main] com.yoshio3.HelloSampleApplication       : Starting HelloSampleApplication v0.0.1-SNAPSHOT using Java 17.0.4.1 on 7446eed214e7 with PID 1 (/app/app.jar started by root in /app)
```

If we use this fix, the application will run as non-root user ("javauser") by default like follows.

```text
2022-10-20 17:30:28.103  INFO 1 --- [           main] com.yoshio3.HelloSampleApplication       : Starting HelloSampleApplication v0.0.1-SNAPSHOT using Java 17.0.4.1 on 9a2adf159e03 with PID 1 (/app/app.jar started by javauser in /app)
```

In order to run the container more secure, this pull request will be useful.
And if this pull request is not included, every user need to write look like following Dockerfile to run as non-root user

```Dockerfile
##################################################################
# Stage 1: Create User and Group
##################################################################
FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 AS CREATE-DEPENDS-FILES

RUN mkdir /staging \
    && mkdir /staging/etc \
    && tdnf install -y  --releasever=2.0 shadow-utils \
    && groupadd --system -g 101 java-app \
    && useradd -u 101 -g java-app --shell /bin/false --home-dir /dev/null --system javausers \
    && tdnf clean all \
   # Copy user/group info to staging
   && cp /etc/passwd /staging/etc/passwd \
   && cp /etc/group /staging/etc/group

##################################################################
# Stage 2: Create User and Group
##################################################################
FROM mcr.microsoft.com/openjdk/jdk:17-distroless

COPY --from=CREATE-DEPENDS-FILES /staging/ /
USER javauser
WORKDIR /app
ENV LANG='ja_JP.UTF-8' LANGUAGE='ja_JP:ja' LC_ALL='ja_JP.UTF-8'
ENV TZ='Asia/Tokyo'
ENV JAVA_HOME=/app

COPY ./target/hello-sample-0.0.1-SNAPSHOT.jar app.jar

ENTRYPOINT ["java","-Xmx1g","-XX:+UseParallelGC","-XX:MaxRAMPercentage=75","-jar","/app/app.jar"]
EXPOSE 8080
```

Java Version updated

During the build images in the GitHub Actions, Following error had showed and failed to build the images.

```text
Step 1/18 : ARG INSTALLER_IMAGE="mcr.microsoft.com/cbl-mariner/base/core"
Step 2/18 : ARG INSTALLER_TAG="2.0"
Step 3/18 : ARG BASE_IMAGE="mcr.microsoft.com/cbl-mariner/distroless/base"
Step 4/18 : ARG BASE_TAG="2.0"
invalid reference format
Step 5/18 : FROM ${INSTALLER_IMAGE}:${INSTALLER_TAG} AS installer
```

create test work flow

This reverts commit 06739f6.

Deleted test-yaml file

In some situation, UID 101 may be used. In order to prevent conflicts. I changed the UID.

After applied this pull request, the application will run as "javauser". However there is no directory which has "write permission".

If one Java Application try to write some file in the deployment directory, it will fail. Because it is owned by root user.

So in order write some file from the application, I added a
 default directory which owned by the "javauser"

So if user deployment their application under the "/app" directory. The application will run without problem.

If the user uses the Mariner core image, then there is "chown" command in the container images.
So user can create any directory and can change the owner.

However "the distress image" doesn't have the "chown" command on the image nor shell.

So we should mentioned the restriction for "distress image" users.

For example, following explanation will be needed.

```
COPY --chown=2000:2000 artifact.jar /app/
```