Run as nobody (#33)

Author: 100xff

Dockerfile

@@ -1,6 +1,8 @@
 FROM golang:1.25-alpine as app-builder
 WORKDIR /go/src/app
 
+RUN echo "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin" > /etc/passwd.nobody
+
 COPY src .
 
 RUN CGO_ENABLED=0 go install -ldflags '-extldflags "-static"' -tags timetzdata
@@ -10,7 +12,10 @@ FROM scratch
 
 LABEL maintainer="git@sktan.com"
 
+COPY --from=app-builder /etc/passwd.nobody /etc/passwd
 COPY --from=app-builder /go/bin/aws-codeartifact-proxy /aws-codeartifact-proxy
 COPY --from=app-builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 
+USER 65534
+
 ENTRYPOINT ["/aws-codeartifact-proxy"]