From ae5fa40469b0035d7edb65a47ffac51819e06b98 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Fri, 31 May 2024 09:35:19 +0200
Subject: [PATCH] run with an unprivileged user

---
 Containerfile | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/Containerfile b/Containerfile
index 633922c..3e19210 100644
--- a/Containerfile
+++ b/Containerfile
@@ -14,8 +14,16 @@ RUN git checkout $VERSION
 
 RUN go build ./cmd/syncv3
 
-FROM scratch
+FROM docker.io/alpine:3.20
+
+RUN addgroup -g 2222 matrix-sync
+RUN adduser -h /var/lib/matrix-sync -u 2222 -D -G matrix-sync matrix-sync
+
+RUN apk --no-cache add \
+  ca-certificates
 
 COPY --from=builder /build/sliding-sync/syncv3 /syncv3
+
+USER matrix-sync
 ENTRYPOINT [ "/syncv3" ]
 EXPOSE 8008