Run pre-commit security check as non-root (UID 1001)

docker run was using python:3.12-slim's default root user, causing pip to warn about running as root. Fix: add -u 1001:1001, set HOME=/tmp so pip --user has a writable install location, and pass --user to pip. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-13 23:04:32 +02:00
parent e2c55556ac
commit fd95459fc9
1 changed files with 3 additions and 1 deletions
@@ -19,8 +19,10 @@ docker run --rm \
  -v "$REPO_ROOT":/repo \
  -w /repo \
  -e STAGED_FILES="$STAGED" \
+  -u 1001:1001 \
+  -e HOME=/tmp \
  python:3.12-slim \
-  sh -c "pip install --quiet bandit && python scripts/security_check.py"
+  sh -c "pip install --quiet --user bandit && python scripts/security_check.py"

 EXIT_CODE=$?