From 039d46477a61d1ef71bab399e8b4469bc2df25b9 Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Mon, 6 May 2024 15:34:04 +0200
Subject: [PATCH] [docker] Run application in rootless mode (ISH-319)

---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index f25481d4..e2becf6f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,6 +48,7 @@ RUN dotnet publish --no-restore -c Release -a $TARGETARCH -o /app -p:EnableAOT=t
 FROM mcr.microsoft.com/dotnet/aspnet:8.0-jammy-chiseled AS image-aot
 WORKDIR /app
 COPY --from=builder-aot /app .
+USER app
 ENTRYPOINT ["./Iceshrimp.Backend", "--environment", "Production", "--migrate-and-start"]
 
 # Enable globalization and time zones:
@@ -56,4 +57,5 @@ ENTRYPOINT ["./Iceshrimp.Backend", "--environment", "Production", "--migrate-and
 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine-composite AS image-jit
 WORKDIR /app
 COPY --from=builder-jit /app .
+USER app
 ENTRYPOINT ["./Iceshrimp.Backend", "--environment", "Production", "--migrate-and-start"]