🔒️ Improve the security

2026-03-10 00:11:21 +00:00 · 2025-02-12 16:25:07 -05:00
parent 0f936bb52e
commit 936871810e
1 changed files with 8 additions and 0 deletions
--- a/8
+++ b/8
@@ -21,9 +21,17 @@ RUN --mount=type=cache,target=/root/.cache/uv     uv sync --frozen --no-dev --no

 FROM python:3.12-slim-bookworm

+# Create non-root user for security
+RUN useradd --create-home app \
+    && mkdir -p /app \
+    && chown app:app /app
+
 WORKDIR /app
 
 COPY --from=uv /app/.venv /app/.venv
+RUN chown -R app:app /app/.venv
+
+USER app

 # Place executables in the environment at the front of the path
 ENV PATH="/app/.venv/bin:$PATH"