From 29e385386781895f014ef74398326d4f23738e5d Mon Sep 17 00:00:00 2001
From: Stefano Pigozzi
Date: Wed, 5 Apr 2023 12:24:10 +0200
Subject: [PATCH 1/2] Run container as a non-privileged user

Uses the `USER` instruction. See https://stackoverflow.com/questions/68155641/should-i-run-things-inside-a-docker-container-as-non-root-for-safety .
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index 31e1d50..4fcb078 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -69,6 +69,7 @@ COPY --from=builder \
 /usr/src/patched_porobot/target/*/release/patched_porobot_matrix \
 /usr/bin/
+USER ${UID}:${GID}
 ENTRYPOINT []
 CMD []

From 8cc1c2b8f54269ddef50d54996af50d8fd996094 Mon Sep 17 00:00:00 2001
From: Stefano Pigozzi
Date: Wed, 5 Apr 2023 12:27:35 +0200
Subject: [PATCH 2/2] Default to UID and GID 1000

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 4fcb078..abb07b8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -69,7 +69,7 @@ COPY --from=builder \
 /usr/src/patched_porobot/target/*/release/patched_porobot_matrix \
 /usr/bin/
-USER ${UID}:${GID}
+USER ${UID:-1000}:${GID:-1000}
 ENTRYPOINT []
 CMD []
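Review bot: `USER ${UID:-1000}:${GID:-1000}` in PATCH 2/2 (and `USER ${UID}:${GID}` in PATCH 1/2) switches to a numeric identity that no visible instruction creates — neither hunk contains a `useradd`/`groupadd`, and whether the rest of the Dockerfile declares `ARG UID`/`ARG GID` in this stage or an account for 1000 is outside the hunk. A numeric `USER` absent from /etc/passwd does drop root privileges, but the process then has no home directory and `$HOME` is unset, so if `patched_porobot_matrix` reads config or writes state under its home directory the failure surfaces at container start rather than at build time. If that is the case, create the account and any writable directories before the `USER` line, e.g. `RUN groupadd --system --gid "${GID:-1000}" app && useradd --system --uid "${UID:-1000}" --gid app --create-home app` (account name `app` is a constructed example), and set `HOME` via `ENV`. Note also that if `UID`/`GID` are only declared as `ARG` before `FROM` they are not in scope here, so the `:-1000` fallback would silently win even when the builder passes `--build-arg UID=...`; a comment such as `# UID/GID: expected as ARG in this stage; default 1000:1000 when unset` above the line would make that dependency explicit.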