From 93a5695f2dbf1cd34319d6678b8f487dccd596a8 Mon Sep 17 00:00:00 2001
From: Joonas Lehtimaki <joonas.lehtimaki@gmail.com>
Date: Tue, 5 Nov 2024 15:03:11 +0200
Subject: [PATCH] feat: run as non root user warden

---
 Dockerfile | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 28ed830..e48ab66 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,22 +1,28 @@
 FROM ubuntu:22.04 as wardend
 
 RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    wget \
-    unzip \
-    && rm -rf /var/lib/apt/lists/*
+  ca-certificates \
+  wget \
+  unzip \
+  && rm -rf /var/lib/apt/lists/*
 
-RUN wget https://github.com/warden-protocol/wardenprotocol/releases/download/v0.5.0/wardend_Linux_x86_64.zip -O /tmp/wardend.zip \
-    && unzip /tmp/wardend.zip -d ./ \
-    && rm /tmp/wardend.zip
+RUN wget https://github.com/warden-protocol/wardenprotocol/releases/download/v0.5.3/wardend_Linux_x86_64.zip -O /tmp/wardend.zip \
+  && unzip /tmp/wardend.zip -d ./ \
+  && rm /tmp/wardend.zip
 
 FROM ubuntu:22.04
 
 RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    && rm -rf /var/lib/apt/lists/*
+  ca-certificates \
+  && rm -rf /var/lib/apt/lists/*
 
-COPY discord-faucet /usr/bin/discord-faucet
-COPY --from=wardend /wardend /usr/bin/wardend
+RUN groupadd -r warden && useradd --no-log-init -r -g warden warden
+
+USER warden
+
+WORKDIR /app
+
+COPY discord-faucet /app/discord-faucet
+COPY --from=wardend /tmp/wardend /app/wardend
 
 CMD ["/usr/bin/discord-faucet"]