From c38681a01b766f5d588dda49a941fe0b1bb4e0cf Mon Sep 17 00:00:00 2001
From: Piotr Dec <piotr_dec@msn.com>
Date: Thu, 18 Dec 2025 22:20:20 +0100
Subject: [PATCH] ci: user in docker

---
 Dockerfile | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d10579b..9019843 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,18 +16,32 @@ RUN --mount=type=cache,target=/root/.cache/uv \
 
 FROM python:3.12-alpine3.22
 
+ENV USER=karl
+ENV GROUPNAME=$USER
+ENV UID=1000
+ENV GID=1000
+ENV PYTHONPATH="/app"
+
+EXPOSE 8081
+WORKDIR /app
+ENTRYPOINT ["/app/.venv/bin/python"]
+
+RUN addgroup \
+    --gid "$GID" \
+    "$GROUPNAME" \
+&&  adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "$(pwd)" \
+    --ingroup "$GROUPNAME" \
+    --no-create-home \
+    --uid "$UID" \
+    $USER
+
 RUN apk update --no-cache \
     && apk add --no-cache git
 
 COPY --from=builder --chown=app:app /app/.venv /app/.venv
 COPY --from=builder --chown=app:app /app/src /app/src
 
-ENV PYTHONPATH="/app"
-
-EXPOSE 8081
-
-WORKDIR /app
-
-ENTRYPOINT ["/app/.venv/bin/python"]
-
 CMD ["/app/src/karl/__init__.py"]