Skip to content

Fix dockerfile binary permissions #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 18, 2024
Merged

Fix dockerfile binary permissions #279

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,26 @@
# See the License for the specific language governing permissions and
# limitations under the License.

# First stage: Use an image that includes shell and utilities
FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 AS builder

# Set the working directory and copy the 'manager' binary
WORKDIR /
COPY bin/manager .

# Set the executable permission on the 'manager' binary
RUN chmod +x /manager

# Use distroless as minimal base image to package the manager binary
FROM mcr.microsoft.com/cbl-mariner/distroless/debug:2.0
WORKDIR /

COPY bin/manager ./
# Copy the 'manager' binary from the first stage with the correct permissions
COPY --from=builder --chown=65532:65532 /manager .

# Set the user ID for the container process to 65532 (nonroot user)
USER 65532:65532

# Specify the command to run when the container starts

ENTRYPOINT ["/manager"]