From 8bc6b0cc35b9d60a81a7f5a23b10e15967fcc7e5 Mon Sep 17 00:00:00 2001
From: AliArmanLMG <ali.arman@lmg.broker>
Date: Fri, 13 Sep 2024 11:49:06 +1000
Subject: [PATCH] TECH-30764 Update dockerfile to run image with non-root user

---
 samples/MyCRM.Lodgement.Sample/Dockerfile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/samples/MyCRM.Lodgement.Sample/Dockerfile b/samples/MyCRM.Lodgement.Sample/Dockerfile
index 0fb84f2..5c1fc5e 100644
--- a/samples/MyCRM.Lodgement.Sample/Dockerfile
+++ b/samples/MyCRM.Lodgement.Sample/Dockerfile
@@ -23,9 +23,17 @@ RUN dotnet publish \
 
 
 FROM mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim AS final
+
+RUN groupadd -r appgroup && useradd -r -g appgroup appuser
+
 WORKDIR /app
 COPY --from=build /app/publish .
 
 LABEL org.opencontainers.image.source=https://github.com/loanmarket/mycrm-lodgement-sample
 
+# Create a user
+RUN chown -R appuser:appgroup /app
+# Switch to the non-root user
+USER appuser
+
 ENTRYPOINT ["dotnet", "MyCRM.Lodgement.Sample.dll"]