From 8710bde7e10aff42121a61b8f8ee72a5fe0738d1 Mon Sep 17 00:00:00 2001
From: Frederic Hemberger <mail@frederic-hemberger.de>
Date: Fri, 24 Jan 2020 11:53:28 +0100
Subject: [PATCH] Dockerfile: Don't run as `root`

Following security best practices, the server shouldn't run as `root` inside the container.
---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index f9a69e0..4144c3b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,6 +16,8 @@ COPY . .
 RUN go test -cover ./...
 RUN CGO_ENABLED=0 go build -a -tags netgo -installsuffix netgo -ldflags "-X github.com/halverneus/static-file-server/cli/version.version=${VERSION}" -o /serve /build/bin/serve
 
+RUN adduser --system --no-create-home --uid 1000 --shell /usr/sbin/nologin static
+
 ################################################################################
 ## DEPLOYMENT CONTAINER
 ################################################################################
@@ -23,6 +25,9 @@ FROM scratch
 
 EXPOSE 8080
 COPY --from=builder /serve /
+COPY --from=builder /etc/passwd /etc/passwd
+
+USER static
 ENTRYPOINT ["/serve"]
 CMD []