From cc6f03d27b47c194e7222f11c0e99e37e77b7cfb Mon Sep 17 00:00:00 2001
From: CaffeineFueled <hello@ittavern.com>
Date: Fri, 2 May 2025 18:13:59 +0200
Subject: [PATCH] ADD read-only flag to run script and ADD gitignore to source
 dir

---
 run_container.sh  | 3 ++-
 source/.gitignore | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 source/.gitignore

diff --git a/run_container.sh b/run_container.sh
index 5a11df3..8fc342c 100755
--- a/run_container.sh
+++ b/run_container.sh
@@ -46,6 +46,7 @@ echo "Starting container..."
 $CONTAINER_CMD run --name ${CONTAINER_NAME} \
     -p 8000:8000 \
     -v "$SOURCE_DIR":/home/appuser/app/source${VOLUME_FLAG} \
+    --read-only \
     --security-opt no-new-privileges:true \
     --cap-drop ALL \
     --user 1000:1000 \
@@ -66,4 +67,4 @@ if [ $? -eq 0 ]; then
 else
     echo "Failed to start container."
     exit 1
-fi
\ No newline at end of file
+fi
diff --git a/source/.gitignore b/source/.gitignore
new file mode 100644
index 0000000..5e7d273
--- /dev/null
+++ b/source/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore