From ed6678abe9739dd86d723ca45902b6b3d6c07633 Mon Sep 17 00:00:00 2001
From: jmeridth
Date: Thu, 14 Mar 2024 04:28:21 -0500
Subject: [PATCH] fix: permissions when trying to output

Needed to ensure the new appuser in the Dockerfile has permissions to write in the container. If a bad actor tries to set `GITHUB_OUTPUT` to something like ../../output.json we will get an expected error

Signed-off-by: jmeridth
---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7a06d1b..2e6ec1c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,16 +11,16 @@ LABEL com.github.actions.name="stale-repos" \
 org.opencontainers.image.vendor="GitHub" \
 org.opencontainers.image.description="Find stale repositories in a GitHub organization."
-
 WORKDIR /action/workspace
 COPY requirements.txt stale_repos.py /action/workspace/
-RUN python3 -m pip install --no-cache-dir -r requirements.txt \
+RUN useradd -m appuser \
+ && chown -R appuser:appuser /action/workspace \
+ && python3 -m pip install --no-cache-dir -r requirements.txt \
 && apt-get -y update \
 && apt-get -y install --no-install-recommends git-all=1:2.39.2-1.1 \
 && rm -rf /var/lib/apt/lists/*
-RUN useradd -m appuser
 USER appuser
 CMD ["/action/workspace/stale_repos.py"]
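Review bot: The added `chown -R appuser:appuser /action/workspace` hands the runtime user ownership of the action's own code, because `stale_repos.py` and `requirements.txt` were just copied into that directory, so the process that executes the script can also rewrite it. If the only requirement is somewhere for appuser to write output, keep the sources root-owned and give the user a dedicated writable directory instead, e.g. `&& install -d -o appuser -g appuser /action/workspace/output`, assuming the script's output path can be pointed there (it is not visible in this hunk). While touching the `useradd -m appuser` line, a fixed numeric id such as `useradd -m --uid 10001 appuser` lets runtimes that enforce non-root (e.g. Kubernetes `runAsNonRoot`) verify the user, and a comment like `# non-root runtime user; workspace must be writable for GITHUB_OUTPUT` would record why the chown exists. Note also that the chown covers only `/action/workspace`, so a `GITHUB_OUTPUT` file mounted from outside that path is unaffected by this change; the expected-error behaviour described in the message depends on that file's own ownership.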