updated Dockerfile for custom user

Signed-off-by: Peter Siegmund <developer@mars3142.org>

server/cinema/Dockerfile

@@ -1,13 +1,22 @@
 # Use latest stable channel SDK.
 FROM dart:stable AS build
 
+# Set user/group IDs (defaults to 1000:1000)
+ARG PUID=1000
+ARG PGID=1000
+
+# Create user and group
+RUN groupadd -g $PGID appgroup && \
+    useradd -u $PUID -g $PGID -m appuser
+
 # Resolve app dependencies.
 WORKDIR /app
 COPY pubspec.* ./
 RUN dart pub get
 
 # Copy app source code (except anything in .dockerignore) and AOT compile app.
-COPY . .
+COPY --chown=$PUID:$PGID . .
+USER appuser
 RUN dart run build_runner build --delete-conflicting-outputs && \
     APP_VERSION=$(grep 'version:' pubspec.yaml | sed 's/version: //') && \
     dart compile exe bin/server.dart -o bin/server \
@@ -16,10 +25,18 @@ RUN dart run build_runner build --delete-conflicting-outputs && \
 # Build minimal serving image from AOT-compiled `/server`
 # and the pre-built AOT-runtime in the `/runtime/` directory of the base image.
 FROM scratch
+
+# Set user/group IDs (defaults to 1000:1000)
+ARG PUID=1000
+ARG PGID=1000
+
 COPY --from=build /runtime/ /
 COPY --from=build /app/bin/server /app/bin/
 COPY assets /assets
 
+# Set user for runtime (using numeric IDs since scratch has no users)
+USER $PUID:$PGID
+
 # Start server.
 EXPOSE 3000
 CMD ["/app/bin/server"]