Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix use of ARG for users in Dockerfile #4871

Closed
wants to merge 3 commits into from
Closed

Fix use of ARG for users in Dockerfile #4871

wants to merge 3 commits into from

Conversation

jonjohnsonjr
Copy link

@jonjohnsonjr jonjohnsonjr commented Feb 6, 2024
edited
Loading

An ARG is scoped to a specific build stage, so these later stages end up with the user being ":" instead of "1000:1000".

https://docs.docker.com/engine/reference/builder/#scope

$ crane config ghcr.io/spiffe/oidc-discovery-provider:nightly | jq .config.User
":"

@jonjohnsonjr
Fix use of ARG for users in Dockerfile
5502ee3 
An ARG is scoped to a specific build stage, so these later stages end up
with the user being ":" instead of "1000:1000".

Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
@amartinezfayo amartinezfayo self-assigned this Feb 6, 2024
@amartinezfayo amartinezfayo added this to the 1.9.1 milestone Feb 16, 2024
@amartinezfayo
Copy link
Member

Thank you @jonjohnsonjr for this contribution.
While I was reviewing this, I've noticed that the Dockerfile does not honor the specified ${spireuid}:${spiregid} in the USER instructions, which explains why the build fails with the proposed changes. I've filed #4903 to address that.
We will need to fix that before taking this contribution.
Thanks again!

@amartinezfayo amartinezfayo mentioned this pull request Mar 11, 2024
Merged
@MarcosDY MarcosDY modified the milestones: 1.9.2, 1.9.3 Mar 14, 2024
@amartinezfayo
Copy link
Member

This change requires some additional changes in the Dockerfile and fixes in the integration tests. I've opened #4967 to address all that, so the changes in this PR are already contained there. I'll go ahead and close this one in favor of #4967.
Thank you again @jonjohnsonjr for bringing this up and make this contribution!

@amartinezfayo amartinezfayo modified the milestones: 1.9.3, 1.9.4, 1.9.5 Apr 4, 2024
@amartinezfayo amartinezfayo modified the milestones: 1.9.5, 1.9.6 May 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evan2645 evan2645 Awaiting requested review from evan2645 evan2645 is a code owner

@amartinezfayo amartinezfayo Awaiting requested review from amartinezfayo amartinezfayo is a code owner

@azdagron azdagron Awaiting requested review from azdagron azdagron is a code owner

@MarcosDY MarcosDY Awaiting requested review from MarcosDY MarcosDY is a code owner

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 is a code owner

Assignees

@amartinezfayo amartinezfayo

Labels
None yet
Projects
None yet
Milestone
1.9.6
Development

Successfully merging this pull request may close these issues.
3 participants
@jonjohnsonjr @amartinezfayo @MarcosDY