From 35cc1cab34aba41efbf4bc948162902a9ff16cf0 Mon Sep 17 00:00:00 2001
From: Mathias Beaulieu-Duncan <mathias@svrnty.io>
Date: Mon, 2 Feb 2026 01:42:45 -0500
Subject: [PATCH] Add non-root flutter user to all SDK images

Creates a dedicated flutter user and switches to it as the default.
Resolves Docker Scout compliance check for non-root default user.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 Dockerfile         | 6 ++++++
 Dockerfile.android | 6 ++++++
 Dockerfile.linux   | 6 ++++++
 3 files changed, 18 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 2c62104..b81511f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,4 +48,10 @@ RUN flutter precache --web \
 # Verify installation
 RUN flutter doctor -v
 
+# Create non-root user for CI builds
+RUN groupadd -r flutter && useradd -r -g flutter -m -d /home/flutter flutter && \
+    chown -R flutter:flutter "${FLUTTER_HOME}" /home/flutter
+
 WORKDIR /app
+RUN chown flutter:flutter /app
+USER flutter
diff --git a/Dockerfile.android b/Dockerfile.android
index 26ae260..a296b9b 100644
--- a/Dockerfile.android
+++ b/Dockerfile.android
@@ -69,4 +69,10 @@ RUN flutter precache --android \
 
 RUN flutter doctor -v
 
+# Create non-root user for CI builds
+RUN groupadd -r flutter && useradd -r -g flutter -m -d /home/flutter flutter && \
+    chown -R flutter:flutter "${FLUTTER_HOME}" "${ANDROID_HOME}" /home/flutter
+
 WORKDIR /app
+RUN chown flutter:flutter /app
+USER flutter
diff --git a/Dockerfile.linux b/Dockerfile.linux
index d6259b0..9a62793 100644
--- a/Dockerfile.linux
+++ b/Dockerfile.linux
@@ -52,4 +52,10 @@ RUN flutter precache --linux \
 
 RUN flutter doctor -v
 
+# Create non-root user for CI builds
+RUN groupadd -r flutter && useradd -r -g flutter -m -d /home/flutter flutter && \
+    chown -R flutter:flutter "${FLUTTER_HOME}" /home/flutter
+
 WORKDIR /app
+RUN chown flutter:flutter /app
+USER flutter