From e9e5f66943e66de5342cbf8dbf5d97b231ee365f Mon Sep 17 00:00:00 2001
From: Constantin Bugneac
Date: Tue, 17 Jan 2023 21:20:30 +0000
Subject: [PATCH] feature - run tflint as non-privileged user in container #68
---
 Dockerfile | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 89236f9..03f4abb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,10 +29,20 @@ FROM alpine:3.17.0
 
 LABEL maintainer=terraform-linters
 
-RUN apk add --no-cache ca-certificates
+ARG USER=tflint
+ARG USER_ID=10001
+ARG GROUP=tflint
+ARG GROUP_ID=10001
+
+RUN addgroup -g ${GROUP_ID} ${GROUP} && \
+ adduser -h /home/${USER} -u ${USER_ID} -G ${GROUP} -D ${USER}
+
+RUN apk add --no-cache ca-certificates && update-ca-certificates
 
 COPY --from=builder /usr/local/bin/tflint /usr/local/bin
-COPY --from=builder /root/.tflint.d /root/.tflint.d
+COPY --from=builder --chown=${USER}:${GROUP} /root/.tflint.d /home/${USER}/.tflint.d
 
-ENTRYPOINT ["tflint"]
+USER ${USER}
 WORKDIR /data
+
+ENTRYPOINT ["tflint"]
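Review bot: `USER ${USER}` near the end of the hunk records the image user by name, so a runtime that has to verify non-root from image metadata (for example Kubernetes with `runAsNonRoot: true`) cannot confirm it and will refuse to start the container unless a numeric `runAsUser` is also supplied. The commit already fixes the IDs at 10001, so `USER ${USER_ID}:${GROUP_ID}` would make the non-root guarantee checkable. Separately, tflint now reads the bind-mounted `/data` as UID 10001, so host files that are not readable by that UID will presumably fail to lint. A short comment above `WORKDIR /data` stating this would help users who upgrade. The stage's `FROM alpine:3.17.0` line sits outside the hunk, so the builder stage and anything else earlier in the file is not covered by this review.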