Skip to content

Commit

Permalink
Switch porch-server to use distroless image (#4047)
Browse files Browse the repository at this point in the history 
Signed-off-by: Morten Torkildsen <mortent@google.com>
  • Loading branch information
@mortent
mortent committed Sep 21, 2023
1 parent 336dfcb commit c924a3b
Showing 1 changed file with 5 additions and 12 deletions.
17 changes: 5 additions & 12 deletions porch/build/Dockerfile.porch
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ RUN echo "Downloading porch modules ..." \
RUN echo "Downloading api modules ..." \
&& cd porch/api && go mod download

ENV CGO_ENABLED=0
# Prebuild some library dependencies to warm the cache
RUN cd porch; go build -v \
google.golang.org/grpc \
Expand All @@ -53,15 +54,7 @@ COPY porch/func porch/func

RUN cd porch; go build -v -o /porch ./cmd/porch

FROM debian:bookworm-slim
RUN apt update && apt install -y ca-certificates && apt install -y git && rm -rf /var/lib/apt && rm -rf /var/cache/apt

RUN useradd -s /bin/bash -d /home/porch/ -m -u 1999 porch
WORKDIR /home/porch

COPY --from=builder /porch /home/porch/porch
RUN chown porch:porch /home/porch/porch; chmod +x /home/porch/porch

USER porch

ENTRYPOINT ["/home/porch/porch"]
FROM gcr.io/distroless/static:nonroot
COPY --from=builder --chown=nonroot:nonroot /porch /home/nonroot/porch
USER nonroot:nonroot
ENTRYPOINT ["/home/nonroot/porch"]

0 comments on commit c924a3b

Please sign in to comment.