Revert "Build and push rootless docker container (#8572)"

This reverts commit ff099a3.
semgrep · Sep 2, 2023 · 6f9d9a2 · 6f9d9a2
1 parent 7ba6d2d
commit 6f9d9a2
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 88 deletions.
diff --git a/.github/workflows/build-test-docker.yaml b/.github/workflows/build-test-docker.yaml
@@ -5,10 +5,6 @@ name: build-test-docker
 on:
   workflow_dispatch:
     inputs:
-      docker-flavor:
-        required: true
-        type: string
-        description: A multi-line string in the format accepted by docker metadata tag action for the flavor of the image
       docker-tags:
         required: true
         type: string
@@ -27,21 +23,13 @@ on:
         type: string
         description: Dockerfile to build
         default: Dockerfile
-      target:
-        required: true
-        type: string
-        description: Dockerfile target to build
       enable-tests:
         required: true
         type: boolean
         description: Whether or not to run validation on the built image
 
   workflow_call:
     inputs:
-      docker-flavor:
-        required: true
-        type: string
-        description: A multi-line string in the format accepted by docker metadata tag action for the flavor of the image
       docker-tags:
         required: true
         type: string
@@ -58,10 +46,6 @@ on:
         required: true
         type: string
         description: Dockerfile to build
-      target:
-        required: true
-        type: string
-        description: Dockerfile target to build
       enable-tests:
         required: true
         type: boolean
@@ -87,7 +71,6 @@ jobs:
         uses: docker/metadata-action@v4
         with:
           images: ${{ inputs.repository-name }}
-          flavor: ${{ inputs.docker-flavor }}
           tags: ${{ inputs.docker-tags }}
       - uses: depot/setup-action@v1
       - name: Build image
@@ -100,7 +83,6 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           file: ${{ inputs.file }}
-          target: ${{ inputs.target }}
           buildx-fallback: true
       - name: Load image
         if: ${{ inputs.enable-tests }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -92,33 +92,14 @@ jobs:
     secrets: inherit
     needs: [inputs]
     with:
-      docker-flavor: |
-        latest=auto
       docker-tags: |
         type=semver,pattern={{version}}
         type=semver,pattern={{major}}.{{minor}}
       repository-name: ${{ github.repository }}
       artifact-name: image-release
       file: Dockerfile
-      target: semgrep-cli
       enable-tests: true
 
-  build-test-docker-nonroot:
-    uses: ./.github/workflows/build-test-docker.yaml
-    secrets: inherit
-    with:
-      docker-flavor: |
-        latest=auto
-        suffix=-nonroot
-      docker-tags: |
-        type=semver,pattern={{version}}
-        type=semver,pattern={{major}}.{{minor}}
-      repository-name: ${{ github.repository }}
-      artifact-name: image-release-nonroot
-      file: Dockerfile
-      target: nonroot
-      enable-tests: false
-
   build-test-osx-x86:
     uses: ./.github/workflows/build-test-osx-x86.yaml
     secrets: inherit
@@ -147,7 +128,6 @@ jobs:
     needs:
       [
         build-test-docker,
-        build-test-docker-nonroot,
         build-test-manylinux-x86,
         build-test-manylinux-aarch64,
         build-test-osx-x86,
@@ -166,15 +146,6 @@ jobs:
       repository-name: ${{ github.repository }}
       dry-run: ${{ needs.inputs.outputs.dry-run == 'true' }}
 
-  push-docker-nonroot:
-    needs: [wait-for-build-test, inputs]
-    uses: ./.github/workflows/push-docker.yaml
-    secrets: inherit
-    with:
-      artifact-name: image-release-nonroot
-      repository-name: ${{ github.repository }}
-      dry-run: ${{ needs.inputs.outputs.dry-run == 'true' }}
-
   upload-wheels:
     name: Upload Wheels to PyPI
     runs-on: ubuntu-latest

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -305,8 +305,6 @@ jobs:
     uses: ./.github/workflows/build-test-docker.yaml
     secrets: inherit
     with:
-      docker-flavor: |
-        latest=auto
       docker-tags: |
         type=semver,pattern={{version}}
         type=semver,pattern={{major}}.{{minor}}
@@ -317,7 +315,6 @@ jobs:
       artifact-name: image-test
       repository-name: ${{ github.repository }}
       file: Dockerfile
-      target: semgrep-cli
       enable-tests: true
 
   push-docker:
@@ -330,36 +327,6 @@ jobs:
       repository-name: ${{ github.repository }}
       dry-run: false
 
-  build-test-docker-nonroot:
-    uses: ./.github/workflows/build-test-docker.yaml
-    secrets: inherit
-    with:
-      docker-flavor: |
-        latest=auto
-        suffix=-nonroot
-      docker-tags: |
-        type=semver,pattern={{version}}
-        type=semver,pattern={{major}}.{{minor}}
-        type=ref,event=pr
-        type=ref,event=branch
-        type=sha,event=branch
-        type=edge
-      artifact-name: image-test-nonroot
-      repository-name: ${{ github.repository }}
-      file: Dockerfile
-      target: nonroot
-      enable-tests: false
-
-  push-docker-nonroot:
-    needs: [build-test-docker-nonroot]
-    uses: ./.github/workflows/push-docker.yaml
-    if: github.ref == 'refs/heads/develop' || (github.actor != 'dependabot[bot]' && !(github.event.pull_request.head.repo.full_name != github.repository))
-    secrets: inherit
-    with:
-      artifact-name: image-test-nonroot
-      repository-name: ${{ github.repository }}
-      dry-run: false
-
   test-semgrep-pro:
     needs: [build-test-docker, push-docker]
     uses: ./.github/workflows/test-semgrep-pro.yaml

diff --git a/Dockerfile b/Dockerfile
@@ -218,7 +218,6 @@ RUN adduser -D -u 1000 -h /home/semgrep semgrep \
 
 # Disabling defaulting to the user semgrep for now
 # We can set it by default once we fix the circle ci workflows
-# See nonroot build stage below.
 #USER semgrep
 
 # Workaround for rootless containers as git operations may fail due to dubious
@@ -233,10 +232,3 @@ RUN printf "[safe]\n	directory = /src"  > ~semgrep/.gitconfig && \
 # to interactively explore the docker image.
 CMD ["semgrep", "--help"]
 LABEL maintainer="support@semgrep.com"
-
-# Additional build stage that sets a non-root user.
-# Can't make this the default in semgrep-cli stage because of permissions errors
-# on the mounted volume when using instructions for running semgrep with docker:
-# `docker run -v "${PWD}:/src" -i returntocorp/semgrep semgrep`
-FROM semgrep-cli AS nonroot
-USER semgrep