From 270d365733bb54532d9b0b1902b8524e6d8da87e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Cuadrado=20Juan?=
Date: Wed, 6 Dec 2023 16:56:01 +0100
Subject: [PATCH 1/2] feat: Build image with scratch instead of distroless
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Víctor Cuadrado Juan
---
 Dockerfile | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 145fddcf..a1b511e7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,11 +17,14 @@ COPY internal/ internal/
 # Build
 RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -a -o audit-scanner .
-# Use distroless as minimal base image to package the audit-scanner binary
-# Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
-WORKDIR /
-COPY --from=builder /workspace/audit-scanner .
-USER 65532:65532
+FROM alpine AS cfg
+RUN echo "audit-scanner:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd
+RUN echo "audit-scanner:x:65533:audit-scanner" >> /etc/group
+# Copy the statically-linked binary into a scratch container.
+FROM scratch
+COPY --from=cfg /etc/passwd /etc/passwd
+COPY --from=cfg /etc/group /etc/group
+COPY --from=builder --chmod=0755 /workspace/audit-scanner /audit-scanner
+USER 65532:65532
 ENTRYPOINT ["/audit-scanner"]
From 07d5a0c93af0588016c9a4d63c54c539be046750 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Cuadrado=20Juan?=
Date: Wed, 6 Dec 2023 16:56:17 +0100
Subject: [PATCH 2/2] feat: Support older docker versions just in case
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
See https://docs.docker.com/build/buildkit/#getting-started
Signed-off-by: Víctor Cuadrado Juan
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 43951f57..b29e94fb 100644
--- a/Makefile
+++ b/Makefile
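Review bot: The passwd and group entries written in the cfg stage define `audit-scanner` as UID/GID 65533, but the final stage keeps `USER 65532:65532`, so the process runs under a numeric ID that has no entry in the copied /etc/passwd and /etc/group and those two COPY lines serve no purpose. Either keep the historical ID and write `audit-scanner:x:65532:65532::/tmp:/sbin/nologin` and `audit-scanner:x:65532:audit-scanner`, or switch to `USER 65533:65533`; keeping 65532 is the lower-risk choice for deployments whose pod security settings already pin that UID. `FROM alpine AS cfg` is untagged and should be pinned (`FROM alpine:<pinned-tag> AS cfg`) so the copied account files are reproducible. Separately, the scratch image has no `/tmp` directory (named as the account's home on the passwd line) and no CA bundle, both of which the distroless/static base provided; worth confirming the binary needs neither before this ships.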
@@ -29,4 +29,4 @@ build: fmt vet lint ## Build audit-scanner binary.
 .PHONY: docker-build
 docker-build: unit-tests
- docker build -t ${IMG} .
+ DOCKER_BUILDKIT=1 docker build -t ${IMG} .
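Review bot: `DOCKER_BUILDKIT=1` only selects the builder; `COPY --chmod` in the Dockerfile also depends on the Dockerfile frontend the daemon ships, so on older Docker releases the build can still fail unless the Dockerfile starts with `# syntax=docker/dockerfile:1` (not visible in the Dockerfile hunk, which begins at line 17, so it may already be there). Setting the variable once at the top of the Makefile with `export DOCKER_BUILDKIT=1` rather than inline in the recipe would also cover any other docker targets consistently.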