From b238c19236f1cef50ff0c6d73fa452e190ff3ec3 Mon Sep 17 00:00:00 2001
From: Viktor Varland <varl@vlv.io>
Date: Mon, 14 Apr 2025 21:35:58 +0200
Subject: [PATCH] ci: run as user 1000:1000

---
 Containerfile | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/Containerfile b/Containerfile
index 8971f08..eb0cfb3 100644
--- a/Containerfile
+++ b/Containerfile
@@ -27,16 +27,35 @@ RUN apk update && apk upgrade && apk add --no-cache \
     py3-secretstorage \
     py3-websockets
 
+
+RUN addgroup --gid 1000 subsyt \
+    && adduser --home /home/subsyt \
+        --shell /bin/bash \
+        --uid 1000 \
+        --ingroup subsyt \
+        --disabled-password \
+        subsyt
+
+RUN mkdir /data
+RUN mkdir /data/vids
+RUN touch /data/config.toml
+RUN touch /data/opml.xml
+
+
+RUN chown --recursive subsyt:subsyt /data
+
+USER subsyt
+
 RUN mkdir -p /data/vids
 
 COPY <<-EOT /data/config.toml
-    dry_run = false
+    dry_run = true
     out_dir = "/data/vids"
-    daemon = true
+    daemon = false
 
     [provider]
     [provider.youtube]
-    cmd = "/root/.local/bin/yt-dlp"
+    cmd = "/home/subsyt/.local/bin/yt-dlp"
     opml_file = "/data/opml.xml"
     url = "https://www.youtube.com"
     quality = "res:1080"
@@ -52,12 +71,12 @@ EOT
 WORKDIR /app
 
 RUN pipx ensurepath
+RUN source /home/subsyt/.bashrc
+
 RUN pipx install yt-dlp
 RUN pipx inject yt-dlp yt-dlp-get-pot
 RUN pipx inject yt-dlp bgutil-ytdlp-pot-provider
 
-RUN source /root/.bashrc
-
-COPY --from=builder /src/build/subsyt /app/subsyt
+COPY --from=builder --chown=subsyt:subsyt /src/build/subsyt /app/subsyt
 
 CMD [ "/app/subsyt", "--config=/data/config.toml" ]