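# Build stage: assembles a minimal root filesystem under /rootfs. The final
# image copies only /rootfs from here, so the tools installed in this stage
# (curl, file, chisel) are not shipped.
# NOTE(review): the base image is referenced by a mutable tag rather than a
# digest, so the build-stage toolchain can change between builds; pinning by
# digest would make this stage reproducible.
FROM arm64v8/buildpack-deps:noble-curl AS chisel
# 'file' is presumably needed by chisel-wrapper in a later step - confirm.
# --no-install-recommends keeps optional packages out of the build stage, and
# the apt lists are removed in the same layer that created them.
RUN apt-get update \
    && apt-get install -y --no-install-recommends file \
    && rm -rf /var/lib/apt/lists/*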
# Install the chisel binary and the chisel-wrapper helper into the build stage.
# curl runs with -f (fail on HTTP errors), -S (show errors) and -L (follow
# redirects), so a failed download stops the build.
# The chisel release tarball is pinned to v0.10.0 and compared against a
# hard-coded SHA-512 before it is unpacked, so a tampered or truncated download
# fails the build instead of being installed.
# NOTE(review): chisel-wrapper is fetched from the v1.1.2 tag and made
# executable without any digest check, and a later RUN executes it. A Git tag
# can be moved, so this download does not get the same integrity guarantee as
# the tarball; consider pinning it to a commit SHA or verifying a recorded
# checksum the same way.
RUN curl -fSL --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v0.10.0/chisel_v0.10.0_linux_arm64.tar.gz \
&& chisel_sha512='0793124925000cc0103bce1b0f689520866565ba6d0841a3f5dcf4c1c6ffd753d059d9aa068d901f9422b4742fa51c9aa8e848f0751257329a35d99435d5cc1b' \
&& echo "$chisel_sha512 chisel.tar.gz" | sha512sum -c - \
&& tar -xzf chisel.tar.gz -C /usr/bin/ chisel \
&& curl -fSL --output /usr/bin/chisel-wrapper https://raw.githubusercontent.com/canonical/rocks-toolbox/v1.1.2/chisel-wrapper \
&& chmod 755 /usr/bin/chisel-wrapper
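# Create the unprivileged 'app' account (UID/GID 1654) in the build stage and
# carry it into the target root filesystem:
#   - the account gets /bin/false as its shell, so it has no usable login shell;
#   - useradd -l skips the lastlog/faillog entries;
#   - /rootfs/home/app is created already owned by 1654:1654 with mode 0755;
#   - only the 'root' and 'app' lines of /etc/passwd and /etc/group are copied,
#     so the final image does not inherit the build image's other accounts.
# The regex variable is quoted and grep reads the files directly, which avoids
# word splitting and globbing on the pattern and drops the extra cat process.
RUN groupadd \
        --gid=1654 \
        app \
    && useradd -l \
        --uid=1654 \
        --gid=1654 \
        --shell /bin/false \
        app \
    && install -d -m 0755 -o 1654 -g 1654 "/rootfs/home/app" \
    && mkdir -p "/rootfs/etc" \
    && rootOrAppRegex='^\(root\|app\):' \
    && grep "$rootOrAppRegex" /etc/passwd > "/rootfs/etc/passwd" \
    && grep "$rootOrAppRegex" /etc/group > "/rootfs/etc/group"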
# Populate /rootfs with the listed Ubuntu 24.04 package slices via chisel.
# Everything after "--" is passed through as chisel arguments; the wrapper
# additionally writes a dpkg status file into the target root, presumably so
# that package scanners can inventory what the image contains - confirm.
# Only the named slices (libraries, CA certificates, time zone data, base
# files) are requested; no package manager slice is in the list.
RUN mkdir -p /rootfs/var/lib/dpkg/ \
    && chisel-wrapper --generate-dpkg-status /rootfs/var/lib/dpkg/status -- \
        --release ubuntu-24.04 --root /rootfs \
        base-files_base \
        base-files_release-info \
        ca-certificates_data \
        libc6_libs \
        libgcc-s1_libs \
        libicu74_libs \
        libssl3t64_libs \
        libstdc++6_libs \
        tzdata_zoneinfo
# Final stage: starts from an empty image and receives only what the chisel
# stage placed under /rootfs.
FROM scratch
COPY --from=chisel /rootfs /

ENV \
    # Numeric UID of the unprivileged 'app' user
    APP_UID=1654 \
    # Web servers, when present, listen on the unprivileged port 8080
    ASPNETCORE_HTTP_PORTS=8080 \
    # Lets .NET detect that it is running inside a container
    DOTNET_RUNNING_IN_CONTAINER=true

# Workaround for https://github.com/moby/moby/issues/38710:
# copy /home/app again with explicit ownership so it belongs to the app user.
COPY --from=chisel --chown=$APP_UID:$APP_UID /rootfs/home/app /home/app

# Run as the non-root user by numeric UID, so a runtime can verify that the
# container is not root without resolving a user name.
USER $APP_UID