From 6ab1eafe1d033c1a6f3662ac99408d6038923364 Mon Sep 17 00:00:00 2001
From: Conrad
Date: Sun, 24 Nov 2024 17:16:11 +0100
Subject: [PATCH] fix: fixed security recommendation from codacy
---
 Dockerfile | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 39f8fc5..65ea146 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,15 @@
 FROM python:3.12-slim
-ARG VERSION=unkown
+ARG VERSION=unknown
+
+# Create a non-root user and group
+RUN groupadd -r appuser && useradd -r -g appuser appuser
 WORKDIR /app
 COPY . .
+# Change ownership of the application directory
+RUN chown -R appuser:appuser /app
+
 # Python setup
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
@@ -14,11 +20,18 @@ ENV ENV=DEV
 RUN pip install --no-cache-dir --upgrade -r requirements.txt
 RUN pip install 'uvicorn[standard]'
+# Switch to the non-root user
+USER appuser
+
 EXPOSE 9000
 CMD ["uvicorn", "app.main:app", "--workers", "6" , "--host", "0.0.0.0", "--port", "9000"]
 # Install curl
+USER root
 RUN apt-get update && apt-get install -y --no-install-recommends curl && apt-get clean
+# Switch back to the non-root user
+USER appuser
+
 HEALTHCHECK --interval=30s --timeout=10s --retries=5 \
 CMD curl --fail http://localhost:9000/openapi.json || exit 1
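Review bot: The `RUN chown -R appuser:appuser /app` added after `COPY . .` gives the runtime user write access to the application code, so a compromised uvicorn worker could rewrite the files it runs; it also stores every copied file a second time in a new layer. Unless the app is known to write under /app (not visible in this hunk), drop the chown and leave the code owned by root, or limit ownership to the one directory that must be writable. If ownership is really needed, `COPY --chown=appuser:appuser . .` sets it without the extra layer. For the added `useradd -r -g appuser appuser`, a fixed numeric ID such as `useradd -r -u 10001 -g appuser appuser` lets an orchestrator verify that the image runs as non-root.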
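Review bot: The `USER root` added after `CMD` puts a second privilege switch at the end of the file, so the image silently runs as root if the final `USER appuser` is ever dropped or reordered; moving the curl `RUN` above the first `USER appuser` leaves a single switch and makes both `USER` lines added in this hunk unnecessary. In that `RUN`, `apt-get clean` does not remove the package index, so `&& rm -rf /var/lib/apt/lists/*` in the same layer is the usual cleanup. curl is installed only for the `HEALTHCHECK`; the probe could use the interpreter already in the image, e.g. `CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:9000/openapi.json')"`, which keeps an extra network client out of the runtime image.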