From 38000921ffd849aaa9a63ee7a86456323a3fdd83 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 7 Nov 2025 20:36:32 +0000
Subject: [PATCH 1/4] Initial plan
From 4c121d0b94746fdb34a83dfca4371d3ccc6876b5 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 7 Nov 2025 20:40:35 +0000
Subject: [PATCH 2/4] Add non-root user to Dockerfile for security
Co-authored-by: yuriishizawa <50813580+yuriishizawa@users.noreply.github.com>
---
Dockerfile | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 91e6b87..4926899 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,5 +13,11 @@ RUN pip install poetry==1.5.0 && \
 COPY . .
+# Create a non-root user and switch to it
+RUN adduser --system --home /app --no-create-home appuser && \
+ chown -R appuser:nogroup /app
+
+USER appuser
+
 ENTRYPOINT ["streamlit"]
 CMD ["run", "myapp.py"]
From 114fd98ff65016a6979b64ad7cc8afd6da21c27f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 7 Nov 2025 20:41:49 +0000
Subject: [PATCH 3/4] Improve Dockerfile security: create dedicated group and fix ownership timing
Co-authored-by: yuriishizawa <50813580+yuriishizawa@users.noreply.github.com>
---
Dockerfile | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4926899..4457c34 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,11 @@
 FROM python:3.10
 EXPOSE 8501
 WORKDIR /app
+
+# Create a non-root user with dedicated group
+RUN addgroup --system appuser && \
+ adduser --system --home /app --no-create-home --ingroup appuser appuser
+
 # COPY requirements.txt ./requirements.txt
 # RUN pip3 install -r requirements.txt
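Review bot: The `RUN ... chown -R appuser:nogroup /app` step that follows `COPY . .` rewrites every copied file into a second layer, so the whole application tree is stored twice in the image, and the same pattern survives as `RUN chown -R appuser:appuser /app` in the ownership hunk of PATCH 3/4. Files placed by `COPY` are root-owned and world-readable by default, which is already enough for a non-root `USER` to read and run them, and it keeps the code non-writable at runtime, which is the tighter posture. If the app genuinely needs a writable location, grant that path only, e.g. `RUN mkdir -p /app/data && chown appuser:appuser /app/data` (placeholder directory), or use `COPY --chown=appuser:appuser . .` when the whole tree really must be owned by the service account, and drop the recursive chown layer in both hunks.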
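Review bot: `addgroup --system appuser` and `adduser --system ... appuser` take whatever ids are free in the system range, so the uid/gid the image runs as is not fixed across builds and the later `USER appuser` stays non-numeric; runtimes that enforce a non-root check by id (Kubernetes `runAsNonRoot`) reject a named user they cannot verify. Pin the ids and reference them numerically, e.g. `groupadd --system --gid 10001 appuser && useradd --system --uid 10001 --gid appuser --no-create-home appuser` together with `USER 10001:10001` (10001 is an example value). PATCH 4/4 rewrites the adduser line again, so the pinned ids should be applied to its final form rather than to this hunk.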
@@ -13,9 +18,8 @@ RUN pip install poetry==1.5.0 && \
 COPY . .
-# Create a non-root user and switch to it
-RUN adduser --system --home /app --no-create-home appuser && \
- chown -R appuser:nogroup /app
+# Change ownership of application files to non-root user
+RUN chown -R appuser:appuser /app
 USER appuser
From c383e54915cba846d4a57ad9a0c9e52a3f009468 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 7 Nov 2025 20:42:58 +0000
Subject: [PATCH 4/4] Fix contradictory adduser flags in Dockerfile
Co-authored-by: yuriishizawa <50813580+yuriishizawa@users.noreply.github.com>
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 4457c34..64524c5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ WORKDIR /app
 # Create a non-root user with dedicated group
 RUN addgroup --system appuser && \
- adduser --system --home /app --no-create-home --ingroup appuser appuser
+ adduser --system --no-create-home --ingroup appuser appuser
 # COPY requirements.txt ./requirements.txt
 # RUN pip3 install -r requirements.txt
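Review bot: Dropping `--home /app` leaves the account with adduser's default home for `--system` users, which on the Debian-based `python:3.10` image is `/nonexistent`, so `$HOME` is not a writable directory once `USER appuser` takes effect. Streamlit keeps per-user state under `~/.streamlit`; if it tries to create that directory at startup this may show up as warnings or a failed launch, which is worth confirming with a `docker run` of the built image before merging. If it does, give the account a small real home instead of no home, e.g. `adduser --system --home /home/appuser --ingroup appuser appuser` and let adduser create the directory, keeping `/app` itself root-owned.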