ci: run as user 1000:1000

Containerfile

@@ -27,16 +27,35 @@ RUN apk update && apk upgrade && apk add --no-cache \
     py3-secretstorage \
     py3-websockets
 
+
+RUN addgroup --gid 1000 subsyt \
+    && adduser --home /home/subsyt \
+        --shell /bin/bash \
+        --uid 1000 \
+        --ingroup subsyt \
+        --disabled-password \
+        subsyt
+
+RUN mkdir /data
+RUN mkdir /data/vids
+RUN touch /data/config.toml
+RUN touch /data/opml.xml
+
+
+RUN chown --recursive subsyt:subsyt /data
+
+USER subsyt
+
 RUN mkdir -p /data/vids
 
 COPY <<-EOT /data/config.toml
-    dry_run = false
+    dry_run = true
     out_dir = "/data/vids"
-    daemon = true
+    daemon = false
 
     [provider]
     [provider.youtube]
-    cmd = "/root/.local/bin/yt-dlp"
+    cmd = "/home/subsyt/.local/bin/yt-dlp"
     opml_file = "/data/opml.xml"
     url = "https://www.youtube.com"
     quality = "res:1080"
@@ -52,12 +71,12 @@ EOT
 WORKDIR /app
 
 RUN pipx ensurepath
+RUN source /home/subsyt/.bashrc
+
 RUN pipx install yt-dlp
 RUN pipx inject yt-dlp yt-dlp-get-pot
 RUN pipx inject yt-dlp bgutil-ytdlp-pot-provider
 
-RUN source /root/.bashrc
+COPY --from=builder --chown=subsyt:subsyt /src/build/subsyt /app/subsyt
-
-COPY --from=builder /src/build/subsyt /app/subsyt
 
 CMD [ "/app/subsyt", "--config=/data/config.toml" ]