Added non-root user for container. (#390)

pantierra · web-flow · commit 6521b13a6a71 · 2025-12-09T08:29:38.000-06:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+
+## [UNRELEASED]
+
+* changed container images to use non-root `user`
+
 ## [v0.9.8]
+
 ### Fixed
 - Allow array as q parameter for full text search
 
diff --git a/docker/pypgstac/Dockerfile b/docker/pypgstac/Dockerfile
@@ -28,3 +28,8 @@ COPY src/pypgstac /opt/src/pypgstac
 COPY src/pgstac /opt/src/pgstac
 WORKDIR /opt/src/pypgstac
 RUN uv pip install --system -e . && rm -rf /usr/local/cargo/registry
+
+RUN addgroup --gid 1000 user && \
+    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" --home /home/user user && \
+    chown -R user:user /opt/src/pypgstac /opt/src/pgstac
+USER user
