From 328a993bf665daac12d6c1482a3f1bcecb3a55c9 Mon Sep 17 00:00:00 2001
From: Marco Franssen <marco.franssen@gmail.com>
Date: Tue, 19 May 2026 18:01:14 +0200
Subject: [PATCH] Ensure Docker container runs as non root user

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
---
 Dockerfile | 55 +++++++++++++++++++++++++++---------------------------
 1 file changed, 28 insertions(+), 27 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ffec336..5c3e5ca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,37 +3,38 @@ FROM node:20-slim
 WORKDIR /app
 
 RUN apt-get update && apt-get install -y \
-  git \
-  python3 \
-  make \
-  g++ \
-  sqlite3 \
-  libsqlite3-dev \
-  curl \
-  ca-certificates \
-  chromium \
-  chromium-sandbox \
-  fonts-freefont-ttf \
-  fonts-ipafont-gothic \
-  fonts-kacst \
-  fonts-liberation \
-  fonts-noto-color-emoji \
-  fonts-thai-tlwg \
-  libx11-xcb1 \
-  libxcb-dri3-0 \
-  libxcomposite1 \
-  libxdamage1 \
-  libxi6 \
-  libxrandr2 \
-  libxshmfence1 \
-  libxtst6 \
-  && apt-get clean \
-  && ln -s /usr/bin/chromium /usr/bin/chromium-browser || true
+    git \
+    python3 \
+    make \
+    g++ \
+    sqlite3 \
+    libsqlite3-dev \
+    curl \
+    ca-certificates \
+    chromium \
+    chromium-sandbox \
+    fonts-freefont-ttf \
+    fonts-ipafont-gothic \
+    fonts-kacst \
+    fonts-liberation \
+    fonts-noto-color-emoji \
+    fonts-thai-tlwg \
+    libx11-xcb1 \
+    libxcb-dri3-0 \
+    libxcomposite1 \
+    libxdamage1 \
+    libxi6 \
+    libxrandr2 \
+    libxshmfence1 \
+    libxtst6 \
+    && apt-get clean \
+    && ln -s /usr/bin/chromium /usr/bin/chromium-browser || true
 
+USER 14000
 COPY package*.json ./
 RUN npm install --ignore-scripts
 # Install Chrome via Puppeteer as fallback (system Chromium will be used first)
 RUN npx puppeteer browsers install chrome || true
 COPY . .
 
-RUN npm run build
\ No newline at end of file
+RUN npm run build