From ce9e71c7936bcf06347a2e3f40a3b70e250b3d2d Mon Sep 17 00:00:00 2001
From: Frontend Frankie <frankie@cartsnitch.app>
Date: Sun, 22 Mar 2026 16:06:00 +0000
Subject: [PATCH] fix: add explicit USER 101 to prod stage Dockerfile

Kubernetes runAsNonRoot validation requires the USER directive to be
explicitly set in the image metadata. nginx-unprivileged runs as UID 101
internally, but without the explicit USER directive Kubernetes cannot
verify this from the image config and fails with CreateContainerConfigError.

Fixes CAR-231.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index 069d83b..0b92e95 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,7 @@ FROM nginxinc/nginx-unprivileged:stable-alpine AS prod
 COPY --from=build /app/dist /usr/share/nginx/html
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
+USER 101
 EXPOSE 8080
 
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \