From 9c829ed8b6d8112a461ea0117d5ce0b0c1086246 Mon Sep 17 00:00:00 2001
From: Aleksey Kashapov <nanodirijabl@gmail.com>
Date: Thu, 6 Jul 2023 10:18:39 +0300
Subject: [PATCH] OPS-268: Setups user in `Dockerfile` (#8)

* Bumps valitydev/erlang-workflows/.github/workflows/erlang-parallel-build.yml@v1.0.12
* Bumps potatosalad/erlang-libdecaf@2.1.0
---
 .github/workflows/erlang-checks.yml | 2 +-
 Dockerfile                          | 8 ++++++++
 rebar.config                        | 2 +-
 rebar.lock                          | 6 +++---
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/erlang-checks.yml b/.github/workflows/erlang-checks.yml
index 8d45c93..9c8207a 100644
--- a/.github/workflows/erlang-checks.yml
+++ b/.github/workflows/erlang-checks.yml
@@ -30,7 +30,7 @@ jobs:
   run:
     name: Run checks
     needs: setup
-    uses: valitydev/erlang-workflows/.github/workflows/erlang-parallel-build.yml@v1.0.3
+    uses: valitydev/erlang-workflows/.github/workflows/erlang-parallel-build.yml@v1.0.12
     with:
       otp-version: ${{ needs.setup.outputs.otp-version }}
       rebar-version: ${{ needs.setup.outputs.rebar-version }}
diff --git a/Dockerfile b/Dockerfile
index 699d813..bae3350 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,6 +30,8 @@ RUN rebar3 compile && \
 FROM docker.io/library/erlang:${OTP_VERSION}-slim
 
 ARG SERVICE_NAME
+ARG USER_UID=1001
+ARG USER_GID=$USER_UID
 
 # Set env
 ENV CHARSET=UTF-8
@@ -43,6 +45,12 @@ COPY --from=builder /build/_build/prod/rel/${SERVICE_NAME} /opt/${SERVICE_NAME}
 RUN echo "#!/bin/sh" >> /entrypoint.sh && \
     echo "exec /opt/${SERVICE_NAME}/bin/${SERVICE_NAME} foreground" >> /entrypoint.sh && \
     chmod +x /entrypoint.sh
+
+# Setup user
+RUN groupadd --gid ${USER_GID} ${SERVICE_NAME} && \
+    useradd --uid ${USER_UID} --gid ${USER_GID} -M ${SERVICE_NAME}
+USER ${SERVICE_NAME}
+
 ENTRYPOINT []
 CMD ["/entrypoint.sh"]
 
diff --git a/rebar.config b/rebar.config
index 8d1e576..13e86b1 100644
--- a/rebar.config
+++ b/rebar.config
@@ -30,7 +30,7 @@
     %% NOTE
     %% Pinning to version "1.11.2" from hex here causes constant upgrading and recompilation of the entire project
     {jose, {git, "https://github.com/potatosalad/erlang-jose.git", {tag, "1.11.2"}}},
-    {libdecaf, "2.0.0"},
+    {libdecaf, "2.1.0"},
     {pooler, {git, "https://github.com/seth/pooler.git", {branch, master}}},
     {scrypt, {git, "https://github.com/kpy3/erlscrypt", {tag, "2.0.2"}}},
     {shamir, {git, "https://github.com/valitydev/shamir.git", {branch, master}}},
diff --git a/rebar.lock b/rebar.lock
index 6e7a709..ee57d2c 100644
--- a/rebar.lock
+++ b/rebar.lock
@@ -35,7 +35,7 @@
        {ref,"991649695aaccd92c8effb1c1e88e6159fe8e9a6"}},
   0},
  {<<"jsx">>,{pkg,<<"jsx">>,<<"3.1.0">>},0},
- {<<"libdecaf">>,{pkg,<<"libdecaf">>,<<"2.0.0">>},0},
+ {<<"libdecaf">>,{pkg,<<"libdecaf">>,<<"2.1.0">>},0},
  {<<"metrics">>,{pkg,<<"metrics">>,<<"1.0.1">>},2},
  {<<"mimerl">>,{pkg,<<"mimerl">>,<<"1.2.0">>},2},
  {<<"msgpack">>,
@@ -98,7 +98,7 @@
  {<<"hackney">>, <<"C4443D960BB9FBA6D01161D01CD81173089686717D9490E5D3606644C48D121F">>},
  {<<"idna">>, <<"8A63070E9F7D0C62EB9D9FCB360A7DE382448200FBBD1B106CC96D3D8099DF8D">>},
  {<<"jsx">>, <<"D12516BAA0BB23A59BB35DCCAF02A1BD08243FCBB9EFE24F2D9D056CCFF71268">>},
- {<<"libdecaf">>, <<"1733DD97F22E8194721F8F7B146F11E2F2E008384CEF6B97CC0344232A3193A6">>},
+ {<<"libdecaf">>, <<"26E273443D75420081D4B1F76764492EE3E1D7CD601A2AB1DC8761A6943BFB46">>},
  {<<"metrics">>, <<"25F094DEA2CDA98213CECC3AEFF09E940299D950904393B2A29D191C346A8486">>},
  {<<"mimerl">>, <<"67E2D3F571088D5CFD3E550C383094B47159F3EEE8FFA08E64106CDF5E981BE3">>},
  {<<"parse_trans">>, <<"16328AB840CC09919BD10DAB29E431DA3AF9E9E7E7E6F0089DD5A2D2820011D8">>},
@@ -116,7 +116,7 @@
  {<<"hackney">>, <<"9AFCDA620704D720DB8C6A3123E9848D09C87586DC1C10479C42627B905B5C5E">>},
  {<<"idna">>, <<"92376EB7894412ED19AC475E4A86F7B413C1B9FBB5BD16DCCD57934157944CEA">>},
  {<<"jsx">>, <<"0C5CC8FDC11B53CC25CF65AC6705AD39E54ECC56D1C22E4ADB8F5A53FB9427F3">>},
- {<<"libdecaf">>, <<"80563056C9A6F41B81D6A8BED61CEFEB2FC78D22ACB6A99003C00814671417BA">>},
+ {<<"libdecaf">>, <<"529D493D2929CEA2EEA2D93464F636A1969756374C58A66AB8F95DD1C0CCFFCB">>},
  {<<"metrics">>, <<"69B09ADDDC4F74A40716AE54D140F93BEB0FB8978D8636EADED0C31B6F099F16">>},
  {<<"mimerl">>, <<"F278585650AA581986264638EBF698F8BB19DF297F66AD91B18910DFC6E19323">>},
  {<<"parse_trans">>, <<"07CD9577885F56362D414E8C4C4E6BDF10D43A8767ABB92D24CBE8B24C54888B">>},