From 0ac0d94be7f0df9da2d39db05ae7896d10c8bd44 Mon Sep 17 00:00:00 2001
From: Eric Guo <eric.guocz@gmail.com>
Date: Sun, 12 Nov 2023 11:19:54 +0800
Subject: [PATCH] Make Dockerfile template compatible with Kubernetes rootless
 pods rails/rails#49742

---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a241609b0b..1c8f82f115 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -74,9 +74,10 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     chown -R rails:rails db log storage tmp
-USER rails:rails
+USER 1000:1000
 
 # Entrypoint prepares the database.
 ENTRYPOINT ["/rails/bin/docker-entrypoint"]