From ca4f64aaf1f3944168f3cbe1070ff3bbb59a3ad8 Mon Sep 17 00:00:00 2001
From: Anders Eknert
Date: Fri, 4 Mar 2022 13:01:51 +0100
Subject: [PATCH] Use gid=1000 in -rootless images
Fixes #4380
Signed-off-by: Anders Eknert
---
 .github/workflows/pull-request.yaml | 3 +++
 Makefile | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
index 3e45e57226..32b9b4d0d7 100644
--- a/.github/workflows/pull-request.yaml
+++ b/.github/workflows/pull-request.yaml
@@ -195,6 +195,9 @@ jobs:
 - name: Check out code
 uses: actions/checkout@v3
+ - name: Download OPA
+ uses: open-policy-agent/setup-opa@v1
+
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v1
 with:
diff --git a/Makefile b/Makefile
index ff7e377321..b6861d80f7 100644
--- a/Makefile
+++ b/Makefile
@@ -349,7 +349,7 @@ ifneq ($(GOARCH),arm64) # build only static images for arm64
 .
 $(DOCKER) build \
 -t $(DOCKER_IMAGE):$(VERSION)-rootless \
- --build-arg USER=1000 \
+ --build-arg USER=1000:1000 \
 --build-arg BASE=gcr.io/distroless/cc \
 --build-arg BIN_DIR=$(RELEASE_DIR) \
 --platform linux/$* \
@@ -382,7 +382,7 @@ push-manifest-list-%: ensure-executable-bin
 .
 $(DOCKER) buildx build \
 --tag $(DOCKER_IMAGE):$*-rootless \
- --build-arg USER=1000 \
+ --build-arg USER=1000:1000 \
 --build-arg BASE=gcr.io/distroless/cc \
 --build-arg BIN_DIR=$(RELEASE_DIR) \
 --platform $(DOCKER_PLATFORMS) \
@@ -407,6 +407,8 @@ ifneq ($(GOARCH),arm64) # we build only static images for arm64
 $(DOCKER) run --platform linux/$* $(DOCKER_IMAGE):$(VERSION) version
 $(DOCKER) run --platform linux/$* $(DOCKER_IMAGE):$(VERSION)-debug version
 $(DOCKER) run --platform linux/$* $(DOCKER_IMAGE):$(VERSION)-rootless version
+
+ $(DOCKER) image inspect $(DOCKER_IMAGE):$(VERSION)-rootless | opa eval --fail --format raw --stdin-input 'input[0].Config.User = "1000:1000"'
 endif
 $(DOCKER) run --platform linux/$* $(DOCKER_IMAGE):$(VERSION)-static version
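Review bot: The added `Download OPA` step in pull-request.yaml references `open-policy-agent/setup-opa@v1` by a mutable tag and passes no `version` input, so both the action code that runs in this job and the OPA release that evaluates the image check can change without any commit to this repository. Pinning the action to a full commit SHA, `uses: open-policy-agent/setup-opa@<full-commit-sha> # v1`, and adding a fixed `version:` under `with:` would make the check reproducible and narrow the supply-chain exposure. The neighbouring steps visible in the hunk are tag-pinned too, so this may be a file-wide convention worth revisiting; the job's step list starts and ends outside the hunk.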
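Review bot: The literal `1000:1000` is now repeated in the `--build-arg USER=` line of this `$(DOCKER) build` recipe (hunk at -349), again in the `push-manifest-list-%` hunk at -382, and a third time inside the `opa eval` assertion, so a later edit to one of them can leave the build and the check disagreeing. A single variable such as `ROOTLESS_USER := 1000:1000`, used as `--build-arg USER=$(ROOTLESS_USER)`, would keep them in step and gives a place for a comment like `# uid:gid; with a bare uid Docker runs the process with the root group (gid 0)`. The assertion also inspects only the locally built `$(VERSION)-rootless` image; nothing visible in these hunks checks the image produced by the `buildx` recipe. Both recipes begin and end outside their hunks.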
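Review bot: The added `image inspect … | opa eval` line in the hunk at -407 makes this recipe depend on an `opa` binary on PATH, which only the new workflow step installs; run locally the target would presumably fail with command-not-found, and in CI the assertion is evaluated by a downloaded release rather than the build under test. The image built here already accepts OPA subcommands (the `version` lines just above), so the pipe could feed it instead: `$(DOCKER) image inspect $(DOCKER_IMAGE):$(VERSION)-rootless | $(DOCKER) run -i --platform linux/$* $(DOCKER_IMAGE):$(VERSION) eval --fail --format raw --stdin-input 'input[0].Config.User = "1000:1000"'`. That would also make the extra action in the workflow unnecessary. A one-line comment above the command stating what is asserted, e.g. `# fail the build unless the rootless image is configured with uid:gid 1000:1000`, would help, since the recipe header is outside the hunk.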