From 82f40bcaea2cb17ba5d11c72e414daf9b70a1485 Mon Sep 17 00:00:00 2001
From: Job79 <job@plabble.org>
Date: Thu, 1 Feb 2024 19:57:09 +0100
Subject: [PATCH 1/2] build(Containerfile): use alpine 3.19 for last buildstep

---
 Containerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containerfile b/Containerfile
index d0811e4..08cb8dd 100644
--- a/Containerfile
+++ b/Containerfile
@@ -18,7 +18,7 @@ RUN case "$(apk --print-arch)" in \
 	       mv ./target/aarch64-unknown-linux-musl /release ;; \
 	esac
 
-FROM alpine:edge
+FROM alpine:3.19
 WORKDIR /app
 RUN mkdir /app/wwwroot
 

From caa7146c22e43a258830c1fafe0ff6d3c029325a Mon Sep 17 00:00:00 2001
From: Job79 <job@plabble.org>
Date: Thu, 1 Feb 2024 20:00:47 +0100
Subject: [PATCH 2/2] build(Containerfile): do not run as root inside the
 container

---
 Containerfile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Containerfile b/Containerfile
index 08cb8dd..81fe34c 100644
--- a/Containerfile
+++ b/Containerfile
@@ -20,7 +20,10 @@ RUN case "$(apk --print-arch)" in \
 
 FROM alpine:3.19
 WORKDIR /app
-RUN mkdir /app/wwwroot
+
+RUN mkdir wwwroot data && \
+	adduser -D appuser && \
+	chown appuser:appuser data
 
 # /* removes directory structure
 COPY --from=builder /release/* /app
@@ -28,5 +31,6 @@ COPY ./about.html /app/about.html
 COPY --from=frontend-builder /build/dist /app/wwwroot
 
 ENV WWW_DIR /app/wwwroot
+USER appuser
 EXPOSE 8080
 CMD [ "./pastabble" ]