
refactored non-root image build process
groundnuty committed Aug 17, 2022
1 parent 374a746 commit 6d103dc
Showing 4 changed files with 36 additions and 48 deletions.
1 change: 1 addition & 0 deletions Dockerfile
Expand Up @@ -18,6 +18,7 @@ RUN apk add --update --no-cache ca-certificates=20220614-r0 curl=7.80.0-r2 jq=1.
&& curl -L https://storage.googleapis.com/kubernetes-release/release/${KUBE_LATEST_VERSION}/bin/linux/$TARGETARCH/kubectl -o /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl

# Replace for non-root version
ADD wait_for.sh /usr/local/bin/wait_for.sh

ENTRYPOINT ["wait_for.sh"]
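Review bot: The `# Replace for non-root version` comment (apparently the one line this hunk adds) is a load-bearing marker, and nothing at that line says so. The Makefile's `generate-non-root-dockerfile` recipe matches this exact text with sed and swaps the line that follows it for `DockerfileNonRoot.snipset`. If the comment is reworded, the generated non-root Dockerfile becomes an unmodified copy of this one, and if a line is inserted below it, the wrong line is replaced. I would document that in place, for example `# Replace for non-root version -- marker matched by the Makefile's sed; the next line is replaced by DockerfileNonRoot.snipset, keep both lines together and unchanged`.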
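--- a/DockerfileNonRoot.snipset
+++ b/DockerfileNonRoot.snipset
@@ -0,0 +1,17 @@
+ENV USER=docker
+ENV UID=1100
+ENV GID=1100
+
+RUN addgroup -g $GID $USER && \
+adduser \
+--disabled-password \
+--gecos "" \
+--home "$(pwd)" \
+--ingroup "$USER" \
+--no-create-home \
+--uid "$UID" \
+"$USER"
+
+USER $UID
+
+ADD --chown=$UID:$GID wait_for.sh /usr/local/bin/wait_for.sh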
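Review bot: `ADD --chown=$UID:$GID` on the last line gives ownership of the entrypoint script to the same unprivileged account the container runs as, so any process in the container can rewrite `/usr/local/bin/wait_for.sh`. Dropping the flag keeps the file owned by root, because copied files default to 0:0 even after a `USER` instruction: `COPY wait_for.sh /usr/local/bin/wait_for.sh`. That assumes the script's mode in the build context already allows others to read and execute it, which is not visible here. `COPY` is also the narrower instruction for a plain local file. Separately, `ENV USER`, `ENV UID` and `ENV GID` persist into the runtime environment of the image; if they are only needed while building, `ARG` would keep them out of it.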
38 changes: 0 additions & 38 deletions DockerfileRootless

This file was deleted.

28 changes: 18 additions & 10 deletions Makefile
@@ -1,36 +1,44 @@
TAG = $(shell git describe --tags --always)
PREFIX = $(shell git config --get remote.origin.url | tr ':.' '/' | rev | cut -d '/' -f 3 | rev)
USER_NAME = $(shell git config --get remote.origin.url | tr ':.' '/' | rev | cut -d '/' -f 3 | rev)
REPO_NAME = $(shell git config --get remote.origin.url | tr ':.' '/' | rev | cut -d '/' -f 2 | rev)
TARGET := $(if $(TARGET),$(TARGET),$(shell ./evaluate_platform.sh))
VCS_REF = $(shell git rev-parse --short HEAD)
BUILD_DATE = $(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
BUILD_FLAGS := $(if $(BUILD_FLAGS),$(BUILD_FLAGS),--load --no-cache)
BUILDER_NAME = k8s-wait-for-builder
DOCKER_IMAGE := $(if $(DOCKER_IMAGE),$(DOCKER_IMAGE),'')
DOCKER_TAGS= $(PREFIX)/$(REPO_NAME):$(DOCKER_IMAGE)latest $(PREFIX)/$(REPO_NAME):$(DOCKER_IMAGE)$(TAG) ghcr.io/$(PREFIX)/$(REPO_NAME):$(DOCKER_IMAGE)latest ghcr.io/$(PREFIX)/$(REPO_NAME):$(DOCKER_IMAGE)$(TAG)
DOCKER_FILE := $(if $(DOCKER_FILE),$(DOCKER_FILE),Dockerfile)
NON_ROOT_DOCKERFILE = DockerfileNonRoot
DOCKER_TAGS = $(USER_NAME)/$(REPO_NAME):$(TAG_PREFIX)latest $(USER_NAME)/$(REPO_NAME):$(TAG_PREFIX)$(TAG) ghcr.io/$(USER_NAME)/$(REPO_NAME):$(TAG_PREFIX)latest ghcr.io/$(USER_NAME)/$(REPO_NAME):$(TAG_PREFIX)$(TAG)

all: push

container: image
images: image-root image-non-root

image:
image-root: image-root

image-non-root: TAG_PREFIX = no-root-
image-non-root: BUILD_FLAGS += --file=$(NON_ROOT_DOCKERFILE)
image-non-root: generate-non-root-dockerfile

generate-non-root-dockerfile:
sed -e '/# Replace for non-root version/ {' -e 'n' -e 'r DockerfileNonRoot.snipset' -e 'd' -e '}' Dockerfile > $(NON_ROOT_DOCKERFILE)

image-%:
@echo TARGET IS $(TARGET)
if ! docker buildx inspect $(BUILDER_NAME) 2> /dev/null ; then docker buildx create --name $(BUILDER_NAME) ; fi
docker buildx build \
--builder=$(BUILDER_NAME) \
--platform=$(TARGET) \
--build-arg VCS_REF=$(VCS_REF) \
--build-arg BUILD_DATE=$(BUILD_DATE) \
--file=$(DOCKER_FILE) \
$(BUILD_FLAGS) \
$(foreach TAG,$(DOCKER_TAGS),--tag $(TAG)) \
.

push: BUILD_FLAGS:=$(BUILD_FLAGS:--load=)
push: BUILD_FLAGS+=--push
push: image
push: BUILD_FLAGS := $(BUILD_FLAGS:--load=)
push: BUILD_FLAGS += --push
push: image-root image-non-root

clean:
rm -f $(NON_ROOT_DOCKERFILE)
if docker buildx inspect $(BUILDER_NAME) 2> /dev/null ; then docker buildx rm $(BUILDER_NAME) ; fi
$(foreach TAG,$(DOCKER_TAGS),docker rmi -f $(TAG); )
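Review bot: The `generate-non-root-dockerfile` recipe fails open. If the marker comment in `Dockerfile` is reworded or removed, sed still exits 0 and writes an unmodified copy of the root Dockerfile, which `image-non-root` then builds and `push` publishes under the `no-root-` tags. A second recipe line that checks the result would stop the build instead, for example `grep -q '^USER ' $(NON_ROOT_DOCKERFILE)`. That check assumes the root Dockerfile has no `USER` instruction of its own, which the visible part suggests but does not prove. Also, `image-root: image-root` names the target as its own prerequisite; make drops the circular dependency with a warning, and the line can go because the `image-%` pattern rule already covers `image-root`.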
