From fe616c71510ed8dc9bf9b15aee77d38dcf8d8bdf Mon Sep 17 00:00:00 2001
From: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com>
Date: Sat, 14 Sep 2024 00:12:15 +0200
Subject: [PATCH] refactor: run merger with non-root user by default

use multi-stage build given from scratch image doesn't have users

Signed-off-by: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com>
---
 Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index b7a5b21..5bcb5d2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,8 @@
+FROM ubuntu:latest as base
+RUN useradd -u 1001 merger
+
 FROM scratch
-ENTRYPOINT ["/kustomize-plugin-merger"]
+COPY --from=base /etc/passwd /etc/passwd
 COPY kustomize-plugin-merger /
+USER 1001
+ENTRYPOINT ["/kustomize-plugin-merger"]