From 58eb4d49d28afaf5711d76aad04622d56f1f126b Mon Sep 17 00:00:00 2001
From: Qingping Hou <qph@scribd.com>
Date: Thu, 27 Aug 2020 11:47:55 -0700
Subject: [PATCH] setup none-root user in final image stage

---
 .dockerignore | 3 +++
 Dockerfile    | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..9a9e532
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+dist
+Dockerfile
+*.md
diff --git a/Dockerfile b/Dockerfile
index fbd58e8..7457c9d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,13 @@
 FROM golang:1.13.1 as build
-RUN groupadd -g 1000 1000 && \
-    useradd -r -u 1000 -g 1000 1000
 ADD . /app
-RUN chown 1000 app
 WORKDIR /app
 
 RUN CGO_ENABLED=0 GOOS=linux go build -ldflags '-extldflags "-static"'
 
 FROM alpine:3.10.1
 
+RUN addgroup --gid 1000 app && \
+    adduser --system --uid 1000 --ingroup app app
+USER app
+
 COPY --from=build /app/objinsync /bin/objinsync
-USER 1000