Restore Dockerfile changes from review

I accidentally clobbered these changes when I was updating cisagov/skeleton-docker#135 for merge. This restores the changes made during review as well as fixing a missed reference to the CISA_USER argument. Co-authored-by: Shane Frasier <jeremy.frasier@trio.dhs.gov>
cisagov · Nov 22, 2022 · 8c73bf4 · 8c73bf4
1 parent 81f6c71
commit 8c73bf4
Showing 1 changed file with 19 additions and 26 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -10,46 +10,39 @@ ARG VERSION
 #
 # Note: Additional labels are added by the build workflow.
 ###
-LABEL org.opencontainers.image.authors="mark.feldhousen@cisa.dhs.gov"
+# github@cisa.dhs.gov is a very generic email distribution, and it is
+# unlikely that anyone on that distribution is familiar with the
+# particulars of your repository.  It is therefore *strongly*
+# suggested that you use an email address here that is specific to the
+# person or group that maintains this repository; for example:
+# LABEL org.opencontainers.image.authors="vm-fusion-dev-group@trio.dhs.gov"
+LABEL org.opencontainers.image.authors="github@cisa.dhs.gov"
 LABEL org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency"
 
 ###
 # Unprivileged user setup variables
 ###
-ARG CISA_GID=421
-ARG CISA_UID=${CISA_GID}
-ENV CISA_USER="cisa"
+ARG CISA_UID=421
+ARG CISA_GID=${CISA_UID}
+ARG CISA_USER="cisa"
 ENV CISA_GROUP=${CISA_USER}
-ENV CISA_HOME="/home/cisa"
+ENV CISA_HOME="/home/${CISA_USER}"
 
 ###
-# Unprivileged user setup dependencies
-#
-# Install shadow, so we have adduser and addgroup.
+# Upgrade the system
 #
 # Note that we use apk --no-cache to avoid writing to a local cache.
 # This results in a smaller final image, at the cost of slightly
 # longer install times.
-#
-# Setup user dependencies are only needed for setting up the user and
-# will be removed at the end of that process.
 ###
-ENV SETUP_USER_DEPS \
-    shadow
 RUN apk --update --no-cache --quiet upgrade
-RUN apk --no-cache --quiet add ${SETUP_USER_DEPS}
 
 ###
 # Create unprivileged user
 ###
-RUN addgroup --system --gid ${CISA_UID} ${CISA_GROUP} \
+RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \
     && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER}
 
-###
-# Remove build dependencies for unprivileged user
-###
-RUN apk --no-cache --quiet del ${SETUP_USER_DEPS}
-
 ###
 # Dependencies
 #
@@ -82,17 +75,17 @@ WORKDIR ${CISA_HOME}
 # slightly longer install times.
 ###
 RUN wget --output-document sourcecode.tgz \
-    https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz && \
-    tar --extract --gzip --file sourcecode.tgz --strip-components=1 && \
-    pip install --no-cache-dir --requirement requirements.txt && \
-    ln -snf /run/secrets/quote.txt src/example/data/secret.txt && \
-    rm sourcecode.tgz
+    https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz \
+    && tar --extract --gzip --file sourcecode.tgz --strip-components=1 \
+    && pip install --no-cache-dir --requirement requirements.txt \
+    && ln -snf /run/secrets/quote.txt src/example/data/secret.txt \
+    && rm sourcecode.tgz
 
 ###
 # Prepare to run
 ###
 ENV ECHO_MESSAGE="Hello World from Dockerfile"
-USER cisa
+USER ${CISA_USER}
 EXPOSE 8080/TCP
 VOLUME ["/var/log"]
 ENTRYPOINT ["example"]