Update Dockerfile

Dockerfile

@@ -45,5 +45,52 @@ RUN \
 # add local files
 COPY /root /
 
+WORKDIR /app
+# Create a non-root user and switch to it
+RUN adduser --disabled-password --gecos '' --shell /bin/bash user \
+ && chown -R user:user /app
+RUN echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-user
+USER user
+# All users can use /home/user as their home directory
+ENV HOME=/home/user
+RUN mkdir $HOME/.cache $HOME/.config \
+ && chmod -R 777 $HOME
+
+
+WORKDIR $HOME/app
+
+#######################################
+# Start root user section
+#######################################
+
+USER root
+
+# User Debian packages
+## Security warning : Potential user code executed as root (build time)
+RUN --mount=target=/root/packages.txt,source=packages.txt \
+    apt-get update && \
+    xargs -r -a /root/packages.txt apt-get install -y --no-install-recommends \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN --mount=target=/root/on_startup.sh,source=on_startup.sh,readwrite \
+	bash /root/on_startup.sh
+
+#######################################
+# End root user section
+#######################################
+
+USER user
+
+# Python packages
+RUN --mount=target=requirements.txt,source=requirements.txt \
+    pip install --no-cache-dir --upgrade -r requirements.txt
+
+# Copy the current directory contents into the container at $HOME/app setting the owner to the user
+COPY --chown=user . $HOME/app
+
+RUN chmod +x start_server.sh
+
+CMD ["./start_server.sh"]
+
 # ports and volumes
-EXPOSE 8443
+#EXPOSE 8443