ci: user in docker

Dockerfile

@@ -16,18 +16,32 @@ RUN --mount=type=cache,target=/root/.cache/uv \
 
 FROM python:3.12-alpine3.22
 
+ENV USER=karl
+ENV GROUPNAME=$USER
+ENV UID=1000
+ENV GID=1000
+ENV PYTHONPATH="/app"
+
+EXPOSE 8081
+WORKDIR /app
+ENTRYPOINT ["/app/.venv/bin/python"]
+
+RUN addgroup \
+    --gid "$GID" \
+    "$GROUPNAME" \
+&&  adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "$(pwd)" \
+    --ingroup "$GROUPNAME" \
+    --no-create-home \
+    --uid "$UID" \
+    $USER
+
 RUN apk update --no-cache \
     && apk add --no-cache git
 
 COPY --from=builder --chown=app:app /app/.venv /app/.venv
 COPY --from=builder --chown=app:app /app/src /app/src
 
-ENV PYTHONPATH="/app"
-
-EXPOSE 8081
-
-WORKDIR /app
-
-ENTRYPOINT ["/app/.venv/bin/python"]
-
 CMD ["/app/src/karl/__init__.py"]