refactor: run merger with non-root user by default

use multi-stage build given from scratch image doesn't have users Signed-off-by: Ahmed AbouZaid <[email protected]>
DevOpsHiveHQ · Sep 13, 2024 · fe616c7 · fe616c7
1 parent 615c20d
commit fe616c7
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,8 @@
+FROM ubuntu:latest as base
+RUN useradd -u 1001 merger
+
 FROM scratch
-ENTRYPOINT ["/kustomize-plugin-merger"]
+COPY --from=base /etc/passwd /etc/passwd
 COPY kustomize-plugin-merger /
+USER 1001
+ENTRYPOINT ["/kustomize-plugin-merger"]