From 936871810ea88608f1deecea06e9b1a9b10f8d64 Mon Sep 17 00:00:00 2001
From: Fanyang Meng
Date: Wed, 12 Feb 2025 16:25:07 -0500
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Improve=20the=20securit?=
 =?UTF-8?q?y?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Dockerfile | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 53f79b4..7533bfe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,9 +21,17 @@ RUN --mount=type=cache,target=/root/.cache/uv uv sync --frozen --no-dev --no
 FROM python:3.12-slim-bookworm
+# Create non-root user for security
+RUN useradd --create-home app \
+ && mkdir -p /app \
+ && chown app:app /app
+
 WORKDIR /app
 COPY --from=uv /app/.venv /app/.venv
+RUN chown -R app:app /app/.venv
+
+USER app
 # Place executables in the environment at the front of the path
 ENV PATH="/app/.venv/bin:$PATH"
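Review bot: The `RUN chown -R app:app /app/.venv` added right after the `COPY --from=uv` rewrites every venv file in a fresh layer, so the final image carries the venv twice; if the `app` user must own it, fold the ownership into the copy with `COPY --from=uv --chown=app:app /app/.venv /app/.venv` and drop the extra RUN. It is also worth asking whether the runtime user needs write access to the venv at all — leaving it root-owned and world-readable keeps the installed code immutable to the process running as `app`, which is the stronger posture the non-root switch is aiming for. `useradd --create-home app` assigns whatever UID is next free, and `USER app` is a name, so runtimes that verify non-root numerically (Kubernetes `runAsNonRoot`) cannot confirm it; pinning with `RUN useradd --system --uid 10001 --create-home app` and `USER 10001` avoids that. The rest of the Dockerfile is outside the hunk, so whether `/app` itself must be writable (the `mkdir -p /app && chown app:app /app` step) cannot be judged from here.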