From fd95459fc974a0fede4075564b7499abd3823aa6 Mon Sep 17 00:00:00 2001
From: curo1305 <curo1305@proton.me>
Date: Mon, 13 Apr 2026 23:04:32 +0200
Subject: [PATCH] Run pre-commit security check as non-root (UID 1001)

docker run was using python:3.12-slim's default root user, causing pip
to warn about running as root. Fix: add -u 1001:1001, set HOME=/tmp so
pip --user has a writable install location, and pass --user to pip.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .githooks/pre-commit | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.githooks/pre-commit b/.githooks/pre-commit
index 7843e82..213d207 100755
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -19,8 +19,10 @@ docker run --rm \
   -v "$REPO_ROOT":/repo \
   -w /repo \
   -e STAGED_FILES="$STAGED" \
+  -u 1001:1001 \
+  -e HOME=/tmp \
   python:3.12-slim \
-  sh -c "pip install --quiet bandit && python scripts/security_check.py"
+  sh -c "pip install --quiet --user bandit && python scripts/security_check.py"
 
 EXIT_CODE=$?