From 4009804221b83a7e56f0e36558cc29a534c92b66 Mon Sep 17 00:00:00 2001
From: "gaul@pdx.edu" <gaul@pdx.edu>
Date: Sat, 2 Oct 2021 10:42:13 -0700
Subject: [PATCH] Creates non root user to run Meilisearch in Dockerfile

---
 Dockerfile | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 322d5a68a..66a3ba484 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,12 +35,18 @@ RUN     $HOME/.cargo/bin/cargo build --release
 # Run
 FROM    alpine:3.14
 
-RUN     apk add -q --no-cache libgcc tini curl
-
-COPY    --from=compiler /meilisearch/target/release/meilisearch .
-
+ARG     USER=meiliuser
+ENV     HOME /home/$USER
 ENV     MEILI_HTTP_ADDR 0.0.0.0:7700
+
+# download runtime deps as root and create $USER
+RUN apk add -q --no-cache libgcc tini curl \
+    && adduser -D $USER
+WORKDIR $HOME
+USER $USER
+# copy file as $USER to $HOME
+COPY  --from=compiler /meilisearch/target/release/meilisearch .
+
 EXPOSE  7700/tcp
 
-ENTRYPOINT ["tini", "--"]
-CMD     ./meilisearch
+CMD ["tini", "--","./meilisearch"]