From 6a5d7ba797698d6f7b30235a8e6294a4324cd4e8 Mon Sep 17 00:00:00 2001
From: "Lance R. Vick" <lance@lrvick.net>
Date: Wed, 1 Nov 2023 17:05:52 -0700
Subject: [PATCH] expose port and drop to nobody user in go example

---
 examples/go_http_hello/Dockerfile | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/examples/go_http_hello/Dockerfile b/examples/go_http_hello/Dockerfile
index dfec3ab..dfb0e03 100644
--- a/examples/go_http_hello/Dockerfile
+++ b/examples/go_http_hello/Dockerfile
@@ -1,9 +1,17 @@
 ARG GO_IMAGE=ocirep:go
 FROM ${GO_IMAGE} as build
 COPY . .
-RUN cargo build main.go
+RUN go build main.go
+
+RUN mkdir -p rootfs/etc \
+    && echo "nogroup:*:100:nobody" > ~/rootfs/etc/group \
+    && echo "nobody:*:100:100:::" > ~/rootfs/etc/passwd \
+    && cp main rootfs/
 
 ARG CA_IMAGE=ocirep:ca-certificates
 FROM scratch
 COPY --from=${CA_IMAGE} /
-COPY --from=build main .
+COPY --from=build --chown=100:100 rootfs /
+USER 100:100
+EXPOSE 8080
+ENTRYPOINT main