build: select non root user at runtime

Author: BoxBoxJason

Containerfile

@@ -15,8 +15,17 @@ ENV GO111MODULE=on \
 RUN go mod tidy && \
     go build -ldflags "-X 'main.version=${VERSION}'" -o /app/bin/gitlab-sync ./cmd/main.go
 
+FROM alpine:latest as security_provider
+
+RUN addgroup -S gitlab-sync \
+    && adduser -S gitlab-sync -G gitlab-sync
+
 FROM scratch
 
+COPY --from=security_provider /etc/passwd /etc/passwd
+
+USER gitlab-sync
+
 COPY --from=build /app/bin/gitlab-sync /usr/local/bin/gitlab-sync
 
 ENTRYPOINT [ "/usr/local/bin/gitlab-sync" ]