From 8f4415ebd7ef252c796317f7c645ef9d97b38dd6 Mon Sep 17 00:00:00 2001
From: Izzat Zuliya R <34620941+izzatzr@users.noreply.github.com>
Date: Sat, 12 Jun 2021 14:05:39 +0700
Subject: [PATCH] execute runner as non root user

---
 runner/Dockerfile | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/runner/Dockerfile b/runner/Dockerfile
index c275975d0..90008f070 100644
--- a/runner/Dockerfile
+++ b/runner/Dockerfile
@@ -5,7 +5,16 @@ COPY . .
 RUN GOOS=linux CGO_ENABLED=0 go build -a -ldflags '-s -w -extldflags "-static"' -o app .
 FROM alpine:3.12
-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates && \
+ addgroup -S spacecloud && adduser -S spacecloud -G spacecloud && \
+ mkdir -p /home/spacecloud/.space-cloud/mission-control-v$SC_VERSION && \
+ chown -R spacecloud:spacecloud /home/spacecloud/.space-cloud && \
+ mkdir /app && \
+ chown -R spacecloud:spacecloud /app
+
+COPY --chown=spacecloud:spacecloud --from=0 /build/build /home/spacecloud/.space-cloud/mission-control-v$SC_VERSION/build
+COPY --chown=spacecloud:spacecloud --from=0 /build/app /app
+
+USER spacecloud:spacecloud
 WORKDIR /app
-COPY --from=0 /build/app .
-CMD ["./app", "start"]
\ No newline at end of file
+CMD ["./app", "start"]
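Review bot: `$SC_VERSION` is expanded in the new `RUN` and in the first `COPY` of the final stage, but nothing after `FROM alpine:3.12` declares it, and an `ARG` from an earlier stage does not carry across `FROM`; as written the paths would resolve to `.../mission-control-v` and `.../mission-control-v/build`. Adding `ARG SC_VERSION` directly under `FROM alpine:3.12` (and passing it at build time) would fix that. The build stage starts outside this hunk, so whether it sets SC_VERSION or produces `/build/build` cannot be confirmed from here. Since the goal is a non-root runtime, consider a fixed numeric identity (10001 is only an example value), `addgroup -S -g 10001 spacecloud && adduser -S -u 10001 -G spacecloud spacecloud` with `USER 10001:10001`, because Kubernetes `runAsNonRoot` cannot verify a named user. Dropping `--chown` from the `/build/app` copy would also keep the binary root-owned, so the runtime user cannot overwrite its own executable.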