From 5df0e49b1ef5bd89410c31fa14546fb32ce54483 Mon Sep 17 00:00:00 2001
From: Daniel Vystrcil <31454345+da6d6i7-bronga@users.noreply.github.com>
Date: Tue, 15 Jun 2021 20:40:39 -0700
Subject: [PATCH] Update Dockerfile

Adding group:user to fix (CIS_Docker_v1.2.0 - 4.1) Image should be created with a non-root user
---
 Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 6ef42cc0..2c546ed3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,12 +14,19 @@ RUN CGO_ENABLED=0 make local build
 # CI tools expect an interactive shell inside the container
 FROM alpine:3.13.5 as production
 
+RUN mkdir /home/yq/
+RUN addgroup -g 1000 yq && \
+ adduser -u 1000 -G yq -s /bin/bash -h /home/yq -D yq
+RUN chown -R yq:yq /home/yq/
+
 COPY --from=builder /go/src/mikefarah/yq/yq /usr/bin/yq
 RUN chmod +x /usr/bin/yq
 
 ARG VERSION=none
 LABEL version=${VERSION}
 
+USER yq
+
 WORKDIR /workdir
 
 ENTRYPOINT ["/usr/bin/yq"]
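Review bot: The added `adduser` line sets the login shell to `/bin/bash`, but nothing visible in this stage installs bash on `alpine:3.13.5`, so the account's shell likely does not exist; `-s /bin/sh` matches what the base image ships. `adduser -D -h /home/yq` should already create the home directory with the right owner, so the separate `RUN mkdir` and `RUN chown -R` layers look redundant and the three could be one `RUN addgroup -g 1000 yq && adduser -u 1000 -G yq -s /bin/sh -h /home/yq -D yq`. Writing `USER 1000:1000` instead of `USER yq` lets runtimes that enforce a non-root policy (for example Kubernetes `runAsNonRoot`) verify the UID without resolving the name. Because `USER` now precedes `WORKDIR /workdir`, it is worth confirming that UID 1000 can write to `/workdir` and to bind-mounted files owned by a different host UID, since in-place edits would otherwise fail with a permission error.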