This is a major issue. Docker images were built and published with a root user in the CI. If a user manages to break out of the application running as root in the container, he may gain root access on the host. In addition, configuring the container to run as an unprivileged user is the best way to prevent privilege escalation attacks. We mitigated this issue by creating a new environment variable, DOCKER_USER, which is set from the outputs of id -u and id -g. It is then passed as a build-args entry when running the docker/build-push-action steps.
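The mitigation described above, sketched as a GitHub Actions workflow. This is an added example, not the project's own workflow: the uid:gid format of DOCKER_USER, the image tag, the job name and the Dockerfile lines shown in the comments are assumptions.

```yaml
# Added example, not the project's own workflow. Assumptions: the image tag,
# job name and the "uid:gid" format of DOCKER_USER are constructed here.
# The Dockerfile is assumed to end with:
#   ARG DOCKER_USER
#   USER ${DOCKER_USER}
name: build-image
on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set DOCKER_USER from the CI user's uid and gid
        run: |
          uid="$(id -u)"
          gid="$(id -g)"
          # Refuse to continue if the CI job itself runs as root,
          # otherwise the build-arg would reintroduce the problem.
          if [ "$uid" -eq 0 ]; then
            echo "CI user is root; refusing to build" >&2
            exit 1
          fi
          echo "DOCKER_USER=${uid}:${gid}" >> "$GITHUB_ENV"

      - name: Build image with the unprivileged user
        uses: docker/build-push-action@v6
        with:
          context: .
          load: true          # keep the image local so it can be inspected
          push: false
          tags: example/app:ci
          build-args: |
            DOCKER_USER=${{ env.DOCKER_USER }}

      - name: Verify the image does not default to root
        run: |
          user="$(docker image inspect --format '{{.Config.User}}' example/app:ci)"
          echo "Configured user: ${user:-<empty>}"
          case "$user" in
            ""|0|0:*|root|root:*)
              echo "Image runs as root by default" >&2
              exit 1 ;;
          esac
```

The final step reads the image's configured user from its metadata, so the check still catches a Dockerfile that accepts the build argument but never applies it with a USER instruction.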