From 050e402cc59c684ca93ac5e845aefed9c335022e Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Wed, 5 Oct 2022 10:36:23 +0200
Subject: [PATCH] use distroless.dev/static base image (backport #1648) (#1662)

* use distroless.dev/static base image (#1648)

* closes #1621

* run hermes commands as root

(cherry picked from commit e011a10d71cddfe9890170076209cd33a5e7f065)

# Conflicts:
#	Dockerfile
#	tests/e2e/e2e_test.go
#	tests/e2e/e2e_util_test.go

* Fix merge conflicts

* Set the version of Hermes to 0.12.0

* Resolved conflict with codeowners

Co-authored-by: Nathan Dias <kirbyquerby@users.noreply.github.com>
Co-authored-by: Milan Mulji <98309852+mmulji-ic@users.noreply.github.com>
---
 .github/CODEOWNERS          |  1 -
 Dockerfile                  | 20 ++++++++++++++++++++
 Makefile                    |  2 +-
 e2e.Dockerfile              |  2 +-
 tests/e2e/e2e_setup_test.go |  9 ++++++---
 5 files changed, 28 insertions(+), 6 deletions(-)
 create mode 100644 Dockerfile

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index d547781b4d7..8f81535c902 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -3,7 +3,6 @@
 # Primary repo maintainers
 *       @okwme @alexanderbez @zmanian @yaruwangway @crodriguezvega @cmwaters @jackzampolin @mmulji-ic @glnro @pantani
 
-
 # Governance Process and Docs maintainers
 docs/governance/*       @hxrts @uditvira @LexaMichaelides @nooomski
 
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000000..b97fbfc34ab
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+ARG IMG_TAG=latest
+
+# Compile the gaiad binary
+FROM golang:1.18-alpine AS gaiad-builder
+WORKDIR /src/app/
+COPY go.mod go.sum* ./
+RUN go mod download
+COPY . .
+ENV PACKAGES curl make git libc-dev bash gcc linux-headers eudev-dev python3
+RUN apk add --no-cache $PACKAGES
+RUN CGO_ENABLED=0 make install
+
+# Add to a distroless container
+FROM distroless.dev/static:$IMG_TAG
+ARG IMG_TAG
+COPY --from=gaiad-builder /go/bin/gaiad /usr/local/bin/
+EXPOSE 26656 26657 1317 9090
+USER 0
+
+ENTRYPOINT ["gaiad", "start"]
diff --git a/Makefile b/Makefile
index d210a362d3a..4eca2d382c6 100644
--- a/Makefile
+++ b/Makefile
@@ -197,7 +197,7 @@ endif
 .PHONY: run-tests $(TEST_TARGETS)
 
 docker-build-debug:
-	@docker build -t cosmos/gaiad-e2e --build-arg IMG_TAG=debug -f e2e.Dockerfile .
+	@docker build -t cosmos/gaiad-e2e -f e2e.Dockerfile .
 
 # TODO: Push this to the Cosmos Dockerhub so we don't have to keep building it
 # in CI.
diff --git a/e2e.Dockerfile b/e2e.Dockerfile
index 27a7553d253..b941c2628dd 100644
--- a/e2e.Dockerfile
+++ b/e2e.Dockerfile
@@ -11,7 +11,7 @@ RUN apk add --no-cache $PACKAGES
 RUN CGO_ENABLED=0 make install
 
 # Add to a distroless container
-FROM gcr.io/distroless/cc:$IMG_TAG
+FROM distroless.dev/static:$IMG_TAG
 ARG IMG_TAG
 COPY --from=gaiad-builder /go/bin/gaiad /usr/local/bin/
 EXPOSE 26656 26657 1317 9090
diff --git a/tests/e2e/e2e_setup_test.go b/tests/e2e/e2e_setup_test.go
index 1f9d7bb0873..1737f638863 100644
--- a/tests/e2e/e2e_setup_test.go
+++ b/tests/e2e/e2e_setup_test.go
@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
 	"strconv"
@@ -211,7 +212,7 @@ func (s *IntegrationTestSuite) initGenesis(c *chain) {
 	bz, err = tmjson.MarshalIndent(genDoc, "", "  ")
 	s.Require().NoError(err)
 
-	// write the updated genesis file to each validator
+	// write the updated genesis file to each validator.
 	for _, val := range c.validators {
 		writeFile(filepath.Join(val.configDir(), "config", "genesis.json"), bz)
 	}
@@ -271,11 +272,13 @@ func (s *IntegrationTestSuite) runValidators(c *chain, portOffset int) {
 			Name:      val.instanceName(),
 			NetworkID: s.dkrNet.Network.ID,
 			Mounts: []string{
-				fmt.Sprintf("%s/:/root/.gaia", val.configDir()),
+				fmt.Sprintf("%s/:/home/nonroot/.gaia", val.configDir()),
 			},
 			Repository: "cosmos/gaiad-e2e",
 		}
 
+		s.Require().NoError(exec.Command("chmod", "-R", "0777", val.configDir()).Run())
+
 		// expose the first validator for debugging and communication
 		if val.index == 0 {
 			runOpts.PortBindings = map[docker.Port][]docker.PortBinding{
@@ -347,7 +350,7 @@ func (s *IntegrationTestSuite) runIBCRelayer() {
 		&dockertest.RunOptions{
 			Name:       fmt.Sprintf("%s-%s-relayer", s.chainA.id, s.chainB.id),
 			Repository: "ghcr.io/cosmos/hermes-e2e",
-			Tag:        "latest",
+			Tag:        "0.12.0",
 			NetworkID:  s.dkrNet.Network.ID,
 			Mounts: []string{
 				fmt.Sprintf("%s/:/root/hermes", hermesCfgPath),