From 5502ee375297bbc340192f1b7c9c02e885911283 Mon Sep 17 00:00:00 2001
From: Jon Johnson <jon.johnson@chainguard.dev>
Date: Tue, 6 Feb 2024 09:45:30 -0800
Subject: [PATCH] Fix use of ARG for users in Dockerfile

An ARG is scoped to a specific build stage, so these later stages end up
with the user being ":" instead of "1000:1000".

Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
---
 Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 972b628412..369ebe4e17 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -71,6 +71,8 @@ COPY --link --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 
 # SPIRE Server
 FROM spire-base AS spire-server
+ARG spireuid=1000
+ARG spiregid=1000
 USER ${spireuid}:${spiregid}
 ENTRYPOINT ["/opt/spire/bin/spire-server", "run"]
 COPY --link --from=builder /spireserverroot /
@@ -78,6 +80,8 @@ COPY --link --from=builder /spire/bin/static/spire-server bin/
 
 # SPIRE Agent
 FROM spire-base AS spire-agent
+ARG spireuid=1000
+ARG spiregid=1000
 USER ${spireuid}:${spiregid}
 ENTRYPOINT ["/opt/spire/bin/spire-agent", "run"]
 COPY --link --from=builder /spireagentroot /
@@ -85,6 +89,8 @@ COPY --link --from=builder /spire/bin/static/spire-agent bin/
 
 # OIDC Discovery Provider
 FROM spire-base AS oidc-discovery-provider
+ARG spireuid=1000
+ARG spiregid=1000
 USER ${spireuid}:${spiregid}
 ENTRYPOINT ["/opt/spire/bin/oidc-discovery-provider"]
 COPY --link --from=builder /spire/bin/static/oidc-discovery-provider bin/