chore: Run pushpin as non-privledged user

Previously the docker container ran pushpin by default as root, which
is against recommended security standards. This should create a new
pushpin group and user and run pushpin under those.

Closes #25

Author: clintjedwards

Dockerfile

@@ -41,6 +41,16 @@ COPY --from=build /build/out/ /
 # Add entrypoint script
 COPY docker-entrypoint.sh /usr/local/bin/
 
+# Create a non-root user, group, directories and switch to that user.
+RUN groupadd -r -g 1001 pushpin && \
+    useradd -r -u 1001 -g pushpin pushpin
+
+RUN mkdir -p /var/run/pushpin && \
+    chown -R pushpin:pushpin /etc/pushpin /var/run/pushpin
+
+# Using the user_id specifically here allows for less configuration in k8s
+USER 1001
+
 ENV LANG C.UTF-8
 
 # Define default entrypoint and command