diff --git a/.gitea/workflows/almalinux8.yaml b/.gitea/workflows/almalinux8.yaml
deleted file mode 100644
index 1d1ee9b..0000000
--- a/.gitea/workflows/almalinux8.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-name: Build and push Almalinux 8 container images
-
-on:
- push:
- branches:
- - master
-
-jobs:
- build:
- name: Build almalinux8 container images
- runs-on: ubuntu-latest
- container:
- image: ghcr.io/catthehacker/ubuntu:act-latest
- strategy:
- matrix:
- flavor: ["default", "minimal", "micro"]
- version: ["8.10"]
- steps:
- - name: Check out repository code
- uses: actions/checkout@v4
- - name: Login to docker.io
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ vars.QUAY_USERNAME }}
- password: ${{ secrets.QUAY_SECRET }}
- # - name: Set up QEMU
- # uses: docker/setup-qemu-action@v3
- - name: Setup Docker buildx
- uses: docker/setup-buildx-action@v3
- - if: ${{ matrix.flavor == 'default' }}
- name: Build and push almalinux base image
- uses: docker/build-push-action@v5
- with:
- # platforms: linux/amd64,linux/arm64
- push: true
- context: .
- file: ./8/Dockerfile.${{ matrix.flavor }}
- build-args: |
- ALMALINUX_VERSION=${{ matrix.version }}
- tags: |
- quay.io/teras/almalinux:${{ matrix.version }}
- quay.io/teras/almalinux:8
- - if: ${{ matrix.flavor == 'micro' || matrix.flavor == 'minimal' }}
- name: Build and push almalinux flavor image
- uses: docker/build-push-action@v5
- with:
- # platforms: linux/amd64,linux/arm64
- push: true
- context: .
- file: ./8/Dockerfile.${{ matrix.flavor }}
- build-args: |
- ALMALINUX_VERSION=${{ matrix.version }}
- tags: |
- quay.io/teras/almalinux:${{ matrix.version }}-${{ matrix.flavor }}
- quay.io/teras/almalinux:8-${{ matrix.flavor }}
diff --git a/.gitea/workflows/almalinux9.yaml b/.gitea/workflows/almalinux9.yaml
deleted file mode 100644
index 0c9cbc0..0000000
--- a/.gitea/workflows/almalinux9.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-name: Build and push Almalinux 9 container images
-
-on:
- push:
- branches:
- - master
-
-jobs:
- build:
- name: Build almalinux9 container images
- runs-on: ubuntu-latest
- container:
- image: ghcr.io/catthehacker/ubuntu:act-latest
- strategy:
- matrix:
- flavor: ["default", "minimal", "micro"]
- version: ["9.5"]
- steps:
- - name: Check out repository code
- uses: actions/checkout@v4
- - name: Login to docker.io
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ vars.QUAY_USERNAME }}
- password: ${{ secrets.QUAY_SECRET }}
- # - name: Set up QEMU
- # uses: docker/setup-qemu-action@v3
- - name: Setup Docker buildx
- uses: docker/setup-buildx-action@v3
- - if: ${{ matrix.flavor == 'default' }}
- name: Build and push almalinux
- uses: docker/build-push-action@v5
- with:
- # platforms: linux/amd64,linux/arm64
- push: true
- context: .
- file: ./9/Dockerfile.${{ matrix.flavor }}
- build-args: |
- ALMALINUX_VERSION=${{ matrix.version }}
- tags: |
- quay.io/teras/almalinux:${{ matrix.version }}
- quay.io/teras/almalinux:9
- quay.io/teras/almalinux:latest
- - if: ${{ matrix.flavor == 'micro' || matrix.flavor == 'minimal' }}
- name: Build and push almalinux
- uses: docker/build-push-action@v5
- with:
- # platforms: linux/amd64,linux/arm64
- push: true
- context: .
- file: ./9/Dockerfile.${{ matrix.flavor }}
- build-args: |
- ALMALINUX_VERSION=${{ matrix.version }}
- tags: |
- quay.io/teras/almalinux:${{ matrix.version }}-${{ matrix.flavor }}
- quay.io/teras/almalinux:9-${{ matrix.flavor }}
- quay.io/teras/almalinux:${{ matrix.flavor }}
\ No newline at end of file
diff --git a/.gitea/workflows/master.yaml b/.gitea/workflows/master.yaml
new file mode 100644
index 0000000..059bb66
--- /dev/null
+++ b/.gitea/workflows/master.yaml
@@ -0,0 +1,81 @@
+name: Build and push Almalinux container images
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ name: Build almalinux container images
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-latest
+ strategy:
+ matrix:
+ params:
+ - edition: "micro"
+ major_version: "8"
+ major_edition: "true"
+ version: "8.10"
+ - edition: "minimal"
+ major_version: "8"
+ major_edition: "true"
+ version: "8.10"
+ - edition: "base"
+ major_version: "8"
+ major_edition: "true"
+ version: "8.10"
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - name: Login to docker.io
+ uses: docker/login-action@v3
+ with:
+ registry: quay.io
+ username: ${{ vars.QUAY_USERNAME }}
+ password: ${{ secrets.QUAY_SECRET }}
+ # - name: Set up QEMU
+ # uses: docker/setup-qemu-action@v3
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@v3
+ - if: ${{ matrix.params.edition != 'base' && matrix.params.major_edition != 'true' && matrix.params.latest != 'true' }}
+ name: Build and push almalinux
+ uses: docker/build-push-action@v5
+ with:
+ # platforms: linux/amd64,linux/arm64
+ push: true
+ context: .
+ file: ./${{ matrix.params.major_version }}/Dockerfile.${{ matrix.params.edition }}
+ build-args: |
+ OS_VERSION=${{ matrix.params.version }}
+ tags: |
+ quay.io/teras/almalinux:${{ matrix.params.version }}-${{ matrix.params.edition }}
+ quay.io/teras/almalinux:${{ matrix.params.major_version }}-${{ matrix.params.edition }}
+ - if: ${{ matrix.params.edition == 'base' && matrix.params.major_edition != 'true' && matrix.params.latest != 'true' }}
+ name: Build and push almalinux
+ uses: docker/build-push-action@v5
+ with:
+ # platforms: linux/amd64,linux/arm64
+ push: true
+ context: .
+ file: ./${{ matrix.params.major_version }}/Dockerfile.${{ matrix.params.edition }} + build-args: | + OS_VERSION=${{ matrix.params.version }} + tags: | + quay.io/teras/almalinux:${{ matrix.params.version }} + quay.io/teras/almalinux:${{ matrix.params.major_version }} + # - if: ${{ matrix.flavor == 'micro' || matrix.flavor == 'minimal' }} + # name: Build and push almalinux + # uses: docker/build-push-action@v5 + # with: + # # platforms: linux/amd64,linux/arm64 + # push: true + # context: . + # file: ./9/Dockerfile.${{ matrix.flavor }} + # build-args: | + # ALMALINUX_VERSION=${{ matrix.version }} + # tags: | + # quay.io/teras/almalinux:${{ matrix.version }}-${{ matrix.flavor }} + # quay.io/teras/almalinux:9-${{ matrix.flavor }} + # quay.io/teras/almalinux:${{ matrix.flavor }} \ No newline at end of file diff --git a/8/Dockerfile.default b/8/Dockerfile.base similarity index 86% rename from 8/Dockerfile.default rename to 8/Dockerfile.base index 8fdb3af..35940a1 100644 --- a/8/Dockerfile.default +++ b/8/Dockerfile.base @@ -1,12 +1,10 @@ -ARG ALMALINUX_VERSION=8.10 +ARG OS_VERSION=8.10 -FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder +FROM docker.io/almalinux:${OS_VERSION} AS builder RUN mkdir -p /mnt/rootfs; \ dnf -y install \ almalinux-release \ - bash \ - epel-release \ coreutils-single \ crypto-policies-scripts \ findutils \ @@ -51,7 +49,10 @@ RUN rm -rf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* /mnt/rootfs/var/ca rm -f /mnt/rootfs/etc/machine-id; \ touch /mnt/rootfs/etc/machine-id; \ touch /mnt/rootfs/etc/resolv.conf; \ - touch /mnt/rootfs/etc/hostname + touch /mnt/rootfs/etc/hostname; \ + echo "appuser:x:10000:" >> /mnt/rootfs/etc/group ; \ + echo "appuser:x:10000:10000:appuser:/app:/bin/sh" >> /mnt/rootfs/etc/passwd ; \ + echo "appuser:!!:20070::::::" >> /mnt/rootfs/etc/shadow ; FROM scratch AS stage2 
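Review bot: Neither build step in the new master.yaml can run: both `if:` expressions require `matrix.params.major_edition != 'true'`, and all three matrix entries set `major_edition: "true"`, so the job logs in to quay.io with `secrets.QUAY_SECRET` and then pushes nothing. If the flag is only meant to gate the major-version tag, that needs its own step; otherwise the conditions can be reduced to `if: ${{ matrix.params.edition != 'base' }}` and `if: ${{ matrix.params.edition == 'base' }}`. `matrix.params.latest` is not defined in any entry, and the matrix has no 9.x entries while the step that handled them is left commented out, so unless another workflow covers them the `9`, `latest` and unversioned flavor tags would stop being rebuilt and stop picking up package updates. The actions and the job container are referenced by mutable tags (`@v4`, `@v3`, `@v5`, `act-latest`) in a job that holds the registry credential; pinning them to commit SHAs and an image digest would narrow that exposure.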
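Review bot: The three account lines appended at the end of this RUN in 8/Dockerfile.base carry unexplained literals: the `!!` password field and the last-change value `20070` in the shadow entry, and uid/gid `10000`, which has to stay in step with the `chown -R 10000:10000 /app` in the final stage. A comment above the RUN would cover it, for example `# appuser: locked password (!!), uid/gid 10000 must match the chown in the final stage`. No matching entry is written to /etc/gshadow, so if that file exists in the rootfs the group databases are left inconsistent; the package set is mostly outside the hunk, so this is to be confirmed. The same three lines are added in 8/Dockerfile.micro, 8/Dockerfile.minimal and the three 9/ Dockerfiles, and the RUN instruction itself starts above the hunk.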
@@ -67,9 +68,13 @@ RUN systemctl set-default multi-user.target; \ FROM scratch +ARG OS_VERSION=8.10 + +ENV LANG=C.utf8 + LABEL maintainer="Muhamad Aditya Prima " LABEL name="almalinux" -LABEL version="${ALMALINUX_VERSION}" +LABEL version="${OS_VERSION}" LABEL distribution-scope="public" #labels for container catalog @@ -80,6 +85,11 @@ LABEL io.k8s.display-name="Almalinux 8" COPY --from=stage2 / / -ENV LANG=C.utf8 +RUN mkdir -p /app; \ + chmod 700 /app; \ + chown -R 10000:10000 /app; -CMD ["/bin/bash"] \ No newline at end of file +USER appuser +WORKDIR /app + +CMD ["/bin/sh"] \ No newline at end of file diff --git a/8/Dockerfile.micro b/8/Dockerfile.micro index f56f91d..ab09cc5 100644 --- a/8/Dockerfile.micro +++ b/8/Dockerfile.micro @@ -32,12 +32,17 @@ RUN rm -rf /mnt/rootfs/var/cache/dnf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/li # echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ echo 'KEYMAP="us"' > /mnt/rootfs/etc/vconsole.conf; \ echo 'FONT="eurlatgr"' >> /mnt/rootfs/etc/vconsole.conf; \ - cp ../usr/share/zoneinfo/Asia/Jakarta /mnt/rootfs/etc/localtime ; + cp ../usr/share/zoneinfo/Asia/Jakarta /mnt/rootfs/etc/localtime; \ + echo "appuser:x:10000:" >> /mnt/rootfs/etc/group ; \ + echo "appuser:x:10000:10000:appuser:/app:/bin/sh" >> /mnt/rootfs/etc/passwd ; \ + echo "appuser:!!:20070::::::" >> /mnt/rootfs/etc/shadow ; FROM scratch ARG ALMALINUX_VERSION=8.10 +ENV LANG=C.utf8 + LABEL maintainer="Muhamad Aditya Prima " LABEL name="almalinux-micro" LABEL version="${ALMALINUX_VERSION}" @@ -51,4 +56,11 @@ LABEL io.k8s.display-name="Almalinux 9 Micro" COPY --from=builder /mnt/rootfs/ / +RUN mkdir -p /app; \ + chmod 700 /app; \ + chown -R 10000:10000 /app; + +USER appuser +WORKDIR /app + CMD ["/bin/sh"] \ No newline at end of file diff --git a/8/Dockerfile.minimal b/8/Dockerfile.minimal index ace5cba..619486e 100644 --- a/8/Dockerfile.minimal +++ b/8/Dockerfile.minimal 
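Review bot: `USER appuser` in the final stage of 8/Dockerfile.base sets the default user by name, and Kubernetes cannot check a named user against `runAsNonRoot: true`; the kubelet refuses to start such a container because it cannot verify the user is not root. The uid is already fixed at 10000, so `USER 10000:10000` keeps the same identity and makes the non-root default verifiable. The RUN just before it chains `mkdir`, `chmod` and `chown` with `;`, so only the last command's exit status reaches the build, and `&&` would stop at the first failure. The same block is added to the final stage of 8/Dockerfile.micro, 8/Dockerfile.minimal and the three 9/ Dockerfiles.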
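Review bot: 8/Dockerfile.micro still declares `ARG ALMALINUX_VERSION=8.10` and `LABEL version="${ALMALINUX_VERSION}"` in its final stage, while the other five Dockerfiles were renamed to `OS_VERSION` and the new workflow passes only `OS_VERSION=` as a build argument. For this image the version passed by the workflow would be ignored and the label would always carry the default; `ARG OS_VERSION=8.10` and `LABEL version="${OS_VERSION}"` bring it in line. The builder stage's `FROM` line is outside the hunk, so whether it has the same mismatch cannot be seen here. The unchanged catalog label shown in the next hunk header reads "Almalinux 9 Micro" in the 8/ file, which looks like a copy-paste leftover.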
@@ -1,6 +1,6 @@ -ARG ALMALINUX_VERSION=8.10 +ARG OS_VERSION=8.10 -FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder +FROM docker.io/almalinux:${OS_VERSION} AS builder RUN mkdir -p /mnt/rootfs; \ dnf -y install \ @@ -27,9 +27,9 @@ RUN rm -rf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* /mnt/rootfs/var/ca echo '0.000000 1728971976 0.000000' > /mnt/rootfs/etc/adjtime; \ echo '1728971976' >> /mnt/rootfs/etc/adjtime; \ echo 'LOCAL' >> /mnt/rootfs/etc/adjtime; \ - echo '# This file has been generated by the Anaconda Installer.' > /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ - echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ - echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + # echo '# This file has been generated by the Anaconda Installer.' > /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + # echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ + # echo 'PERMITROOTLOGIN="-oPermitRootLogin=no"' >> /mnt/rootfs/etc/sysconfig/sshd-permitrootlogin ;\ echo 'KEYMAP="us"' > /mnt/rootfs/etc/vconsole.conf; \ echo 'FONT="eurlatgr"' >> /mnt/rootfs/etc/vconsole.conf; \ rm -rf /mnt/rootfs/usr/share/locale/en_CA/ /mnt/rootfs/usr/share/locale/en_GB/ /mnt/rootfs/usr/share/locale/en@* /mnt/rootfs/usr/share/locale/en /mnt/rootfs/usr/share/locale/en*@* /mnt/rootfs/usr/share/i18n/charmaps /mnt/rootfs/usr/share/i18n/locales ;\ 
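Review bot: The three sshd-permitrootlogin lines in 8/Dockerfile.minimal are commented out rather than deleted, and the commented text was also edited to `-oPermitRootLogin=no`, a value the file never wrote, so the leftover now documents a setting that is not applied. Deleting the lines is cleaner than keeping dead text inside the RUN continuation. If the intent is to forbid root SSH login rather than to stop forcing it on, that needs an explicit setting, because without this file the effective value comes from the sshd configuration, which is outside the diff. The RUN instruction starts above the hunk.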
@@ -38,15 +38,20 @@ RUN rm -rf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* /mnt/rootfs/var/ca touch /mnt/rootfs/etc/resolv.conf; \ touch /mnt/rootfs/etc/hostname; \ cd /mnt/rootfs/etc ; \ - ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime + ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime; \ + echo "appuser:x:10000:" >> /mnt/rootfs/etc/group ; \ + echo "appuser:x:10000:10000:appuser:/app:/bin/sh" >> /mnt/rootfs/etc/passwd ; \ + echo "appuser:!!:20070::::::" >> /mnt/rootfs/etc/shadow ; FROM scratch -ARG ALMALINUX_VERSION=8.10 +ARG OS_VERSION=8.10 + +ENV LANG=C.utf8 LABEL maintainer="Muhamad Aditya Prima " LABEL name="almalinux" -LABEL version="${ALMALINUX_VERSION}" +LABEL version="${OS_VERSION}" LABEL distribution-scope="public" #labels for container catalog @@ -57,6 +62,11 @@ LABEL io.k8s.display-name="Almalinux 8" COPY --from=builder /mnt/rootfs / -ENV LANG=C.utf8 +RUN mkdir -p /app; \ + chmod 700 /app; \ + chown -R 10000:10000 /app; + +USER appuser +WORKDIR /app CMD ["/bin/sh"] \ No newline at end of file diff --git a/9/Dockerfile.default b/9/Dockerfile.base similarity index 89% rename from 9/Dockerfile.default rename to 9/Dockerfile.base index 267e647..cb20149 100644 --- a/9/Dockerfile.default +++ b/9/Dockerfile.base @@ -1,13 +1,11 @@ -ARG ALMALINUX_VERSION=9.5 +ARG OS_VERSION=9.5 -FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder +FROM docker.io/almalinux:${OS_VERSION} AS builder # Install almalinux-release and required dependencies RUN mkdir -p /mnt/rootfs; \ dnf -y install --installroot /mnt/rootfs \ almalinux-release \ - bash \ - epel-release \ coreutils-single \ crypto-policies-scripts \ curl-minimal \ 
@@ -71,7 +69,10 @@ RUN mkdir -p /mnt/rootfs/var/cache/private /mnt/rootfs/var/lib/private /mnt/root sed -i "/sgx/d" /mnt/rootfs/etc/group- ; \ sed -i "/sgx/d" /mnt/rootfs/etc/gshadow- ; \ cd /mnt/rootfs/etc ; \ - ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime; + ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime; \ + echo "appuser:x:10000:" >> /mnt/rootfs/etc/group ; \ + echo "appuser:x:10000:10000:appuser:/app:/bin/sh" >> /mnt/rootfs/etc/passwd ; \ + echo "appuser:!!:20070::::::" >> /mnt/rootfs/etc/shadow ; FROM scratch AS stage2 @@ -87,11 +88,13 @@ RUN systemctl set-default multi-user.target; \ FROM scratch -ARG ALMALINUX_VERSION=9.5 +ARG OS_VERSION=9.5 + +ENV LANG=C.utf8 LABEL maintainer="Muhamad Aditya Prima " LABEL name="almalinux" -LABEL version="${ALMALINUX_VERSION}" +LABEL version="${OS_VERSION}" LABEL distribution-scope="public" #labels for container catalog @@ -102,6 +105,11 @@ LABEL io.k8s.display-name="Almalinux 9" COPY --from=stage2 / / -ENV LANG=C.utf8 +RUN mkdir -p /app; \ + chmod 700 /app; \ + chown -R 10000:10000 /app; -CMD ["/bin/bash"] \ No newline at end of file +USER appuser +WORKDIR /app + +CMD ["/bin/sh"] \ No newline at end of file diff --git a/9/Dockerfile.micro b/9/Dockerfile.micro index eca9038..87a2a25 100644 --- a/9/Dockerfile.micro +++ b/9/Dockerfile.micro @@ -1,6 +1,6 @@ -ARG ALMALINUX_VERSION=9.5 +ARG OS_VERSION=9.5 -FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder +FROM docker.io/almalinux:${OS_VERSION} AS builder RUN mkdir -p /mnt/rootfs; \ dnf install --installroot /mnt/rootfs \ 
@@ -33,15 +33,20 @@ RUN rm -rf /mnt/rootfs/var/cache/dnf /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/li echo 'KEYMAP="us"' > /mnt/rootfs/etc/vconsole.conf; \ echo 'FONT="eurlatgr"' >> /mnt/rootfs/etc/vconsole.conf; \ mkdir -p /mnt/rootfs/run/lock; \ - cp ../usr/share/zoneinfo/Asia/Jakarta /mnt/rootfs/etc/localtime ; + cp ../usr/share/zoneinfo/Asia/Jakarta /mnt/rootfs/etc/localtime ; \ + echo "appuser:x:10000:" >> /mnt/rootfs/etc/group ; \ + echo "appuser:x:10000:10000:appuser:/app:/bin/sh" >> /mnt/rootfs/etc/passwd ; \ + echo "appuser:!!:20070::::::" >> /mnt/rootfs/etc/shadow; FROM scratch -ARG ALMALINUX_VERSION=9.5 +ARG OS_VERSION=9.5 + +ENV LANG=C.utf8 LABEL maintainer="Muhamad Aditya Prima " LABEL name="almalinux-micro" -LABEL version="${ALMALINUX_VERSION}" +LABEL version="${OS_VERSION}" LABEL distribution-scope="public" #labels for container catalog @@ -50,6 +55,13 @@ LABEL description="Provide latest release of micro Almalinux 9 container base im LABEL io.k8s.description="Very small almalinux 9 based image which doesn't install package manager" LABEL io.k8s.display-name="Almalinux 9 Micro" -COPY --from=builder /mnt/rootfs/ / +COPY --from=builder /mnt/rootfs / + +RUN mkdir -p /app; \ + chmod 700 /app; \ + chown -R 10000:10000 /app; + +USER appuser +WORKDIR /app CMD ["/bin/sh"] \ No newline at end of file diff --git a/9/Dockerfile.minimal b/9/Dockerfile.minimal index 5514fdb..970aa41 100644 --- a/9/Dockerfile.minimal +++ b/9/Dockerfile.minimal @@ -1,6 +1,6 @@ -ARG ALMALINUX_VERSION=9.5 +ARG OS_VERSION=9.5 -FROM docker.io/almalinux:${ALMALINUX_VERSION} AS builder +FROM docker.io/almalinux:${OS_VERSION} AS builder # Install almalinux-release and required dependencies RUN mkdir -p /mnt/rootfs; \ 
@@ -60,15 +60,20 @@ RUN mkdir -p /mnt/rootfs/var/cache/private /mnt/rootfs/var/lib/private /mnt/root sed -i "/sgx/d" /mnt/rootfs/etc/group- ; \ sed -i "/sgx/d" /mnt/rootfs/etc/gshadow- ; \ cd /mnt/rootfs/etc ; \ - ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime; + ln -s ../usr/share/zoneinfo/Asia/Jakarta localtime; \ + echo "appuser:x:10000:" >> /mnt/rootfs/etc/group ; \ + echo "appuser:x:10000:10000:appuser:/app:/bin/bash" >> /mnt/rootfs/etc/passwd ; \ + echo "appuser:!!:20070::::::" >> /mnt/rootfs/etc/shadow; FROM scratch -ARG ALMALINUX_VERSION=9.5 +ARG OS_VERSION=9.5 + +ENV LANG=C.utf8 LABEL maintainer="Muhamad Aditya Prima " LABEL name="almalinux" -LABEL version="${ALMALINUX_VERSION}-minimal" +LABEL version="${OS_VERSION}-minimal" LABEL distribution-scope="public" #labels for container catalog @@ -79,6 +84,11 @@ LABEL io.k8s.display-name="Almalinux 9 Minimal" COPY --from=builder /mnt/rootfs / -ENV LANG=C.utf8 +RUN mkdir -p /app; \ + chmod 700 /app; \ + chown -R 10000:10000 /app; + +USER appuser +WORKDIR /app CMD ["/bin/sh"] \ No newline at end of file
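Review bot: The passwd entry added in 9/Dockerfile.minimal gives appuser the login shell `/bin/bash`, whereas the other five Dockerfiles in this commit use `/bin/sh` and this image's own CMD is `/bin/sh`. If bash is not part of this image's package set (the install list is outside the hunk), anything that starts the user's login shell would fail. `echo "appuser:x:10000:10000:appuser:/app:/bin/sh" >> /mnt/rootfs/etc/passwd ; \` would match the rest.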