From 17caf4a18e284edd45ded2a3e67c45fa4b87711c Mon Sep 17 00:00:00 2001
From: Greg Dubicki
Date: Sat, 13 Apr 2024 14:27:23 +0100
Subject: [PATCH] Don't run app as root in Docker container

inspired by https://github.com/gitlabform/gitlabform/pull/719 by @lkwg82 (thanks!)
---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 0a459a540..be762f04e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,4 +24,7 @@ RUN pip install --no-cache-dir -r requirements-docker.txt .
 
 COPY Dockerfile /
 
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+USER appuser
+
 CMD gunicorn -b ${PUPPETBOARD_HOST}:${PUPPETBOARD_PORT} --preload --workers="${PUPPETBOARD_WORKERS:-1}" -e SCRIPT_NAME="${PUPPETBOARD_URL_PREFIX:-}" --access-logfile=- puppetboard.app:app
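Review bot: The new `USER appuser` line names the account instead of giving a numeric UID, and `adduser -S` without `-u` takes whatever system UID is free in the base image. An orchestrator enforcing Kubernetes `runAsNonRoot` cannot verify a non-numeric user and will refuse to start the container. Pinning the IDs fixes that, for example `RUN addgroup -S -g 10001 appgroup && adduser -S -u 10001 -G appgroup appuser` followed by `USER 10001:10001` (10001 is an example value). Separately, the `CMD` below binds gunicorn to `${PUPPETBOARD_PORT}`, whose default is set outside this hunk. If that default is below 1024, the now-unprivileged process may fail to bind on runtimes that do not lower `ip_unprivileged_port_start`, so confirm the default or note the requirement in a comment above `USER`.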