From a8f9762f33b2a4336bf77719c0d98e2a5630196c Mon Sep 17 00:00:00 2001 From: David van der Spek Date: Thu, 26 Jan 2023 02:07:54 +0100 Subject: [PATCH 1/6] =?UTF-8?q?Add=20plural=20user=20+=20don=E2=80=99t=20r?= =?UTF-8?q?un=20the=20container=20as=20root?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit UID and GID are > 10000 to conform with best practices. See https://avd.aquasec.com/misconfig/kubernetes/general/avd-ksv-0021/ and https://avd.aquasec.com/misconfig/ksv020 --- Dockerfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0719927cc..e6f30f1df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -110,11 +110,17 @@ ENV REPLACE_OS_VARS=true \ WORKDIR /opt/app +# Create plural user and home directory, set owner to plural +RUN adduser -s /bin/sh -u 10001 -G 10001 -h "/opt/app" -S -D plural && \ + chown -R 10001:10001 "/opt/app" + COPY --from=tools /usr/local/bin/plural /usr/local/bin/plural COPY --from=tools /usr/local/bin/helm /usr/local/bin/helm COPY --from=tools /usr/local/bin/goon /usr/local/bin/goon COPY --from=tools /usr/local/bin/terrascan /usr/local/bin/terrascan COPY --from=tools /usr/local/bin/trivy /usr/local/bin/trivy -COPY --from=builder /opt/built . +COPY --from=builder --chown=10001:10001 /opt/built . + +USER plural CMD trap 'exit' INT; /opt/app/bin/${APP_NAME} foreground From 3f1457d6fae93dbb71cf34c09da017f7186e290f Mon Sep 17 00:00:00 2001 From: David van der Spek Date: Thu, 26 Jan 2023 02:16:26 +0100 Subject: [PATCH 2/6] fix: add plural group --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e6f30f1df..32573dc41 100644 --- a/Dockerfile +++ b/Dockerfile 
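Review bot: `USER plural` switches to the user by name, and a Kubernetes pod with `securityContext.runAsNonRoot: true` (the KSV012 check that normally accompanies the KSV-0021/KSV020 checks cited in the description) cannot prove a named user is non-root from the image and refuses to start the container with "image has non-numeric user" unless `runAsUser` is also set in the pod spec; change it to `USER 10001:10001` so the UID and GID are verifiable from the image alone. The `adduser` and `chown` lines already fix 10001 as the numeric IDs, so nothing else in the hunk needs to change for that. The `ENV` block shown in the hunk header (`ENV REPLACE_OS_VARS=true \`) starts outside the hunk.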
@@ -111,7 +111,8 @@ ENV REPLACE_OS_VARS=true \ WORKDIR /opt/app # Create plural user and home directory, set owner to plural -RUN adduser -s /bin/sh -u 10001 -G 10001 -h "/opt/app" -S -D plural && \ +RUN groupadd -g 10001 plural && \ + adduser -s /bin/sh -u 10001 -G 10001 -h "/opt/app" -S -D plural && \ chown -R 10001:10001 "/opt/app" COPY --from=tools /usr/local/bin/plural /usr/local/bin/plural From 14c58d5c6e94f4bda97f06b8c0519e0712f44a80 Mon Sep 17 00:00:00 2001 From: David van der Spek Date: Thu, 26 Jan 2023 02:20:59 +0100 Subject: [PATCH 3/6] fix: groupadd-> addgroup --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 32573dc41..72e9df37d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -111,7 +111,7 @@ ENV REPLACE_OS_VARS=true \ WORKDIR /opt/app # Create plural user and home directory, set owner to plural -RUN groupadd -g 10001 plural && \ +RUN addgroup -g 10001 plural && \ adduser -s /bin/sh -u 10001 -G 10001 -h "/opt/app" -S -D plural && \ chown -R 10001:10001 "/opt/app" From bb16dedf6bf2d07eb718550fff23844a5d9b0b16 Mon Sep 17 00:00:00 2001 From: David van der Spek Date: Thu, 26 Jan 2023 02:23:50 +0100 Subject: [PATCH 4/6] fix: rename group in adduser command --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 72e9df37d..4dd450f11 100644 --- a/Dockerfile +++ b/Dockerfile @@ -112,7 +112,7 @@ WORKDIR /opt/app # Create plural user and home directory, set owner to plural RUN addgroup -g 10001 plural && \ - adduser -s /bin/sh -u 10001 -G 10001 -h "/opt/app" -S -D plural && \ + adduser -s /bin/sh -u 10001 -G plural -h "/opt/app" -S -D plural && \ chown -R 10001:10001 "/opt/app" COPY --from=tools /usr/local/bin/plural /usr/local/bin/plural From 1ec58acf0f500704a4224a1b12add5012cec221d Mon Sep 17 00:00:00 2001 
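Review bot: `chown -R 10001:10001 "/opt/app"` on the RUN line makes the whole release tree owned, and therefore writable, by the user that executes it, so a compromised process can rewrite its own `bin/` and `lib/` files; the usual hardening is to leave the tree root-owned and world-readable and chown only the paths the release must write at runtime. Which paths those are is not visible here: `REPLACE_OS_VARS=true` suggests config is rendered at boot, and the Erlang VM writes `$HOME/.erlang.cookie` (here `/opt/app`) when distribution starts without a configured cookie, so confirm those locations before narrowing the chown. Separately, `-s /bin/sh` gives a service account a login shell it does not need; the shell-form `CMD` is run by the container runtime as `/bin/sh -c` regardless of the passwd entry, so `adduser -s /sbin/nologin -u 10001 -G plural -h "/opt/app" -S -D plural` is the safer default. The `COPY --chown` and `USER` lines this RUN pairs with are outside this hunk.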
From: David van der Spek Date: Sat, 11 Feb 2023 00:25:01 +0100 Subject: [PATCH 5/6] Change port to 8080 in config.exs --- rel/config/config.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rel/config/config.exs b/rel/config/config.exs index f65e6c3ad..751fefc5f 100644 --- a/rel/config/config.exs +++ b/rel/config/config.exs @@ -4,11 +4,11 @@ import System, only: [get_env: 1] host = get_env("HOST") config :api, ApiWeb.Endpoint, - url: [host: host, port: 80], + url: [host: host, port: 8080], check_origin: ["//#{host}", "//plural-api"] config :rtc, RtcWeb.Endpoint, - url: [host: host, port: 80], + url: [host: host, port: 8080], check_origin: ["//#{host}", "//plural-rtc"] config :core, hostname: host From 68fe919b8c59c8bad295899923a2eea91f386e62 Mon Sep 17 00:00:00 2001 From: David van der Spek Date: Sat, 11 Feb 2023 00:25:31 +0100 Subject: [PATCH 6/6] Change port to 8080 in rtc.exs --- rel/config/rtc.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rel/config/rtc.exs b/rel/config/rtc.exs index e3f643856..7d5db9a1e 100644 --- a/rel/config/rtc.exs +++ b/rel/config/rtc.exs @@ -2,7 +2,7 @@ import Config import System, only: [get_env: 1] config :rtc, RtcWeb.Endpoint, - url: [host: get_env("HOST"), port: 80], + url: [host: get_env("HOST"), port: 8080], check_origin: ["//#{get_env("HOST")}", "//plural-rtc"], secret_key_base: get_env("SECRET_KEY_BASE"), server: true
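Review bot: `url: [host: host, port: 8080]` on both endpoints sets the public URL Phoenix uses to build absolute links (and, when `check_origin` is left at its default, the origin it allows), not the port the endpoint listens on; the listen port is `http: [port: ...]`, which this hunk does not touch. If the motivation is that the container, now running as UID 10001, can no longer bind port 80, it is the `http:` port that has to move to 8080, while `url:` should keep the port clients actually reach (80/443 behind an ingress), otherwise every generated link gains a spurious `:8080`. The explicit `check_origin` lists `["//#{host}", "//plural-api"]` and `["//#{host}", "//plural-rtc"]` are host-only and so unaffected by this change; the same reasoning applies to the `RtcWeb.Endpoint` edit in rtc.exs in patch 6. The file continues past the hunk with further `config` calls.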