如何在构建过程中更改docker镜像中的所有权

1. FROM node:16.17-alpine
2. 
3. RUN addgroup app && adduser -S -G app app
4. USER app
5. 
6. WORKDIR /app
7. COPY . .

然后我运行：docker build -t mytest .

[+] Building 3.3s (9/9) FINISHED
=> [internal] load build definition from Dockerfile                                                                                                0.1s
=> => transferring dockerfile: 313B                                                                                                                0.0s
=> [internal] load .dockerignore                                                                                                                   0.0s
=> => transferring context: 34B                                                                                                                    0.0s
=> [internal] load metadata for docker.io/library/node:16.17-alpine                                                                                3.0s
=> [1/4] FROM docker.io/library/node:16.17-alpine@sha256:4d68856f48be7c73cd83ba8af3b6bae98f4679e14d1ff49e164625ae8831533a                          0.0s
=> [internal] load build context                                                                                                                   0.0s
=> => transferring context: 40.15kB                                                                                                                0.0s
=> CACHED [2/4] RUN addgroup app && adduser -S -G app app                                                                                          0.0s
=> CACHED [3/4] WORKDIR /app                                                                                                                       0.0s
=> [4/4] COPY . .                                                                                                                                  0.0s
=> exporting to image                                                                                                                              0.1s
=> => exporting layers                                                                                                                             0.0s
=> => writing image sha256:aaeb83b6fde7be16f0c9a80d7f9a5af868a08ad603269051014716a32ca8f54c                                                        0.0s 
=> => naming to docker.io/library/mytest                                                                                                           0.0s

现在，当我在容器上运行它时：docker run -it mytest sh并确认我是CCD_ 3(用户(。

/app $ whoami
app

运行ls -l命令，在许可的情况下查看里面的内容

/app $ ls -l
total 52
-rwxr-xr-x    1 root     root           274 Oct 11 06:22 Dockerfile
-rwxr-xr-x    1 root     root           309 Oct 10 12:47 index.js
-rwxr-xr-x    1 root     root         39685 Oct 11 06:37 package-lock.json
-rwxr-xr-x    1 root     root           211 Oct 10 13:45 package.json

所有者是root，但在我的Dockerfile第3行。在运行复制命令之前，我创建了一个用户组和用户。我还在第4行将user设置为app。但为什么复制内容的所有者是root而不是应用程序？

当我在那里创建一个新文件hello.ts时，所有者现在是应用

/app $ touch hello.ts
/app $ ls -l
total 52
-rwxr-xr-x    1 root     root           274 Oct 11 06:22 Dockerfile
-rw-r--r--    1 app      app              0 Oct 11 06:42 hello.ts
-rwxr-xr-x    1 root     root           309 Oct 10 12:47 index.js
-rwxr-xr-x    1 root     root         39685 Oct 11 06:37 package-lock.json
-rwxr-xr-x    1 root     root           211 Oct 10 13:45 package.json
/app $ 

如何在构建中设置用户？