From d607c9c821b07cd38535aebc90cf49269e3c3e14 Mon Sep 17 00:00:00 2001
From: Luigi311
Date: Mon, 13 Nov 2023 03:36:10 -0700
Subject: [PATCH] Use non root for containers

---
 Dockerfile.alpine | 12 ++++++++++--
 Dockerfile.slim | 12 ++++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 22cc341..03f432a 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -32,12 +32,20 @@ ENV WHITELIST_LIBRARY_TYPE ''
 ENV BLACKLIST_USERS ''
 ENV WHITELIST_USERS ''
 
+
+RUN addgroup --system jellyplex_user && \
+ adduser --system --no-create-home jellyplex_user --ingroup jellyplex_user && \
+ mkdir -p /app && \
+ chown -R jellyplex_user:jellyplex_user /app
+
 WORKDIR /app
 
-COPY ./requirements.txt ./
+COPY --chown=jellyplex_user:jellyplex_user ./requirements.txt ./
 
 RUN pip install --no-cache-dir -r requirements.txt
 
-COPY . .
+COPY --chown=jellyplex_user:jellyplex_user . .
+
+USER jellyplex_user
 
 CMD ["python", "-u", "main.py"]
diff --git a/Dockerfile.slim b/Dockerfile.slim
index ee524fe..59c9a02 100644
--- a/Dockerfile.slim
+++ b/Dockerfile.slim
@@ -32,12 +32,20 @@ ENV WHITELIST_LIBRARY_TYPE ''
 ENV BLACKLIST_USERS ''
 ENV WHITELIST_USERS ''
 
+
+RUN addgroup --system jellyplex_user && \
+ adduser --system --no-create-home jellyplex_user --ingroup jellyplex_user && \
+ mkdir -p /app && \
+ chown -R jellyplex_user:jellyplex_user /app
+
 WORKDIR /app
 
-COPY ./requirements.txt ./
+COPY --chown=jellyplex_user:jellyplex_user ./requirements.txt ./
 
 RUN pip install --no-cache-dir -r requirements.txt
 
-COPY . .
+COPY --chown=jellyplex_user:jellyplex_user . .
+
+USER jellyplex_user
 
 CMD ["python", "-u", "main.py"]
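Review bot: The new account gets whatever system UID/GID the base image hands out, and `USER jellyplex_user` names it rather than numbering it, so the id can differ between the alpine and slim images and an orchestrator check such as Kubernetes `runAsNonRoot` cannot verify a non-numeric user. Pinning the ids in the `RUN addgroup`/`adduser` line (for example `--gid 10001` and `--uid 10001`, values constructed here) and ending with `USER 10001:10001` would make both images agree and let bind-mounted files be given matching ownership on the host. The two `COPY --chown=jellyplex_user:jellyplex_user` lines also make the application code writable by the runtime account; unless main.py writes into /app (not visible in this hunk), leaving the source root-owned and granting write access only to the paths that need it would keep a compromised process from altering its own code. The same applies to the identical hunk in Dockerfile.slim; the FROM line is outside both hunks, so the base images are not visible here.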