Skip to content

Commit 3c86543

Browse files
nxtcoder17nxtcoder17
committed
feat: dockerfile updates scratch to distroless/static, and nonroot
images
1 parent b4fbc39 commit 3c86543

2 files changed

Lines changed: 7 additions & 5 deletions

File tree

Dockerfile.ci

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,8 @@ nix \
2424
develop --command run build binary_out=/tmp/plugin-helm-controller
2525
EOF
2626

27-
FROM scratch
28-
COPY --from=builder /tmp/plugin-helm-controller /plugin-helm-controller
29-
USER 1001
30-
ENTRYPOINT ["/plugin-helm-controller"]
27+
FROM gcr.io/distroless/static
28+
WORKDIR /home/nonroot
29+
USER nonroot:nonroot
30+
COPY --from=builder --chown=nonroot:nonroot /tmp/plugin-helm-controller ./plugin-helm-controller
31+
ENTRYPOINT ["./plugin-helm-controller"]

IMAGES/helm-job-runner/Dockerfile-nix

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,8 @@ cp -R $(nix-store -qR /tmp/output/result) /tmp/nix-store-closure
1616
EOF
1717

1818
FROM gcr.io/distroless/static
19-
COPY --from=builder /tmp/nix-store-closure /nix/store
19+
WORKDIR /home/nonroot
2020
USER nonroot:nonroot
21+
COPY --from=builder /tmp/nix-store-closure /nix/store
2122
COPY --from=builder --chown=nonroot:nonroot /tmp/output/ /app/
2223
ENV PATH=/app/result/bin

0 commit comments

Comments
 (0)