From 8e22b8e346a3600930ca52e96578587c36bdd31d Mon Sep 17 00:00:00 2001
From: Emil Dabrowski
Date: Sat, 3 Dec 2022 22:21:43 +0100
Subject: [PATCH] Don't run as root. Set env to production.
---
 .gitignore | 2 ++
 Containerfile | 16 ++++++++++++++--
 container-build.sh | 2 +-
 3 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a5e2304
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+resources
+.hugo_build.lock
diff --git a/Containerfile b/Containerfile
index c645270..327f846 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,5 +1,17 @@
 FROM alpine
-RUN apk add git hugo
+
+ENV HUGO_ENVIRONMENT=production
+
 WORKDIR /app
-COPY . /app
+RUN apk add git hugo
+
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --uid 1000 \
+ hugo
+RUN chown hugo:hugo /app
+USER hugo
+
 CMD hugo server --bind 0.0.0.0
+COPY . /app
diff --git a/container-build.sh b/container-build.sh
index 73dafe5..e75c69e 100755
--- a/container-build.sh
+++ b/container-build.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-version="0.1.1"
+version="0.2.0"
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 tmp_dir="$(mktemp -d --suffix=-web)"
 cleanup () { rm -Rfv "$tmp_dir"; }
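Review bot: In the Containerfile hunk, `COPY . /app` now comes after `USER hugo` but carries no `--chown`, and COPY does not take file ownership from USER, so the site content ends up root-owned while only the `/app` directory itself (chowned while still empty) belongs to `hugo`. If that is intended, because it stops the server process from editing the copied files in place, record it with a comment such as `# COPY ignores USER: site files stay root-owned, only /app itself is writable by hugo`; if Hugo has to write inside copied directories, use `COPY --chown=hugo:hugo . /app`. The new `.gitignore` entries do not filter the build context, so a local `resources` directory or `.hugo_build.lock` would still be copied unless the build script (not visible here) stages a clean tree or an ignore file for the container build exists. Separately, the unchanged `CMD hugo server --bind 0.0.0.0` starts Hugo's built-in server on all interfaces, which sits oddly next to `HUGO_ENVIRONMENT=production`; a comment stating whether this image is meant for preview only would help.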