From 0ed50ccfe7dfd4a4bb4f3475419a6cd41855613c Mon Sep 17 00:00:00 2001
From: Fexiven <48439988+Fexiven@users.noreply.github.com>
Date: Tue, 14 Apr 2026 19:22:08 +0200
Subject: [PATCH] Fix Docker deployment (#685)

* feat: add Docker image build and push to GHCR on release

Add Dockerfile (multi-stage build with node:22-slim) and a new docker
job in the release workflow that builds and pushes to ghcr.io when
release-please creates a tag.

* feat(docker): run as non-root user and add smoke test

Run the container as a non-root appuser to reduce blast radius.
Add a smoke test step that runs --version before pushing to GHCR.

* fix(docker): use existing node user instead of creating appuser

Closes #681
---
 Dockerfile | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 3ac1b09a..0757a07a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,9 +41,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends git \
     && rm -rf /var/lib/apt/lists/*
 
 # Run as non-root user
-RUN groupadd --gid 1000 appuser && useradd --uid 1000 --gid appuser --shell /bin/bash --create-home appuser
-USER appuser
-WORKDIR /home/appuser
-ENV HOME=/home/appuser
+USER node
 
 ENTRYPOINT ["node", "/app/dist/cli.mjs"]