From 8812e6c0d303803a854349dd9d3f7b3ab72c5771 Mon Sep 17 00:00:00 2001
From: Dariusz Niemczyk <palid@hackerspace.pl>
Date: Thu, 1 Feb 2024 12:36:39 +0100
Subject: [PATCH] fix: run app as spejstore user, not root

---
 .devcontainer/devcontainer.json | 3 ++-
 Dockerfile                      | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 6fcd7bb..264d0bd 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -45,5 +45,6 @@
         "yzhang.markdown-all-in-one"
       ]
     }
-  }
+  },
+  "containerUser": "spejstore"
 }
diff --git a/Dockerfile b/Dockerfile
index dc6d453..8774a47 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,7 @@ ADD requirements.txt /code/
 RUN pip install --no-cache-dir -r requirements.txt
 ADD . /code/
 
-RUN python -m pip install gunicorn
+RUN groupadd --gid 1000 spejstore && useradd --uid 1000 --gid 1000 --home /code --shell /bin/bash spejstore
+USER spejstore
 
 CMD bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"