From a936692e379cba9084fa015f8366b0c311dc3a5c Mon Sep 17 00:00:00 2001
From: Yordan Miladinov <ymiladinov@blockdaemon.com>
Date: Mon, 9 Jun 2025 17:02:16 +0300
Subject: [PATCH] Docker image now runs as non-root

---
 Dockerfile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 06cf222a..974e763a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1
-FROM golang:1.24 as builder
+FROM golang:1.24 AS builder
 ARG VERSION
 WORKDIR /build
 
@@ -8,16 +8,18 @@ COPY go.sum ./
 
 RUN go mod download
 
-ADD . .
+COPY . .
 RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 GOOS=linux go build \
     -trimpath \
     -v \
     -ldflags "-w -s -X 'github.com/flashbots/mev-boost/config.Version=$VERSION'" \
     -o mev-boost .
 
-FROM alpine
+FROM alpine:3
 WORKDIR /app
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=builder /build/mev-boost /app/mev-boost
 EXPOSE 18550
+RUN adduser -D mev
+USER mev
 ENTRYPOINT ["/app/mev-boost"]