diff --git a/Dockerfile b/Dockerfile index f4dddd9..e3cf8aa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,46 +10,39 @@ ARG VERSION # # Note: Additional labels are added by the build workflow. ### -LABEL org.opencontainers.image.authors="mark.feldhousen@cisa.dhs.gov" +# github@cisa.dhs.gov is a very generic email distribution, and it is +# unlikely that anyone on that distribution is familiar with the +# particulars of your repository. It is therefore *strongly* +# suggested that you use an email address here that is specific to the +# person or group that maintains this repository; for example: +# LABEL org.opencontainers.image.authors="vm-fusion-dev-group@trio.dhs.gov" +LABEL org.opencontainers.image.authors="github@cisa.dhs.gov" LABEL org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency" ### # Unprivileged user setup variables ### -ARG CISA_GID=421 -ARG CISA_UID=${CISA_GID} -ENV CISA_USER="cisa" +ARG CISA_UID=421 +ARG CISA_GID=${CISA_UID} +ARG CISA_USER="cisa" ENV CISA_GROUP=${CISA_USER} -ENV CISA_HOME="/home/cisa" +ENV CISA_HOME="/home/${CISA_USER}" ### -# Unprivileged user setup dependencies -# -# Install shadow, so we have adduser and addgroup. +# Upgrade the system # # Note that we use apk --no-cache to avoid writing to a local cache. # This results in a smaller final image, at the cost of slightly # longer install times. -# -# Setup user dependencies are only needed for setting up the user and -# will be removed at the end of that process. ### -ENV SETUP_USER_DEPS \ - shadow RUN apk --update --no-cache --quiet upgrade -RUN apk --no-cache --quiet add ${SETUP_USER_DEPS} ### # Create unprivileged user ### -RUN addgroup --system --gid ${CISA_UID} ${CISA_GROUP} \ +RUN addgroup --system --gid ${CISA_GID} ${CISA_GROUP} \ && adduser --system --uid ${CISA_UID} --ingroup ${CISA_GROUP} ${CISA_USER} -### -# Remove build dependencies for unprivileged user -### -RUN apk --no-cache --quiet del ${SETUP_USER_DEPS} - ### # Dependencies # @@ -82,17 +75,17 @@ WORKDIR ${CISA_HOME} # slightly longer install times. ### RUN wget --output-document sourcecode.tgz \ - https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz && \ - tar --extract --gzip --file sourcecode.tgz --strip-components=1 && \ - pip install --no-cache-dir --requirement requirements.txt && \ - ln -snf /run/secrets/quote.txt src/example/data/secret.txt && \ - rm sourcecode.tgz + https://github.com/cisagov/skeleton-python-library/archive/v${VERSION}.tar.gz \ + && tar --extract --gzip --file sourcecode.tgz --strip-components=1 \ + && pip install --no-cache-dir --requirement requirements.txt \ + && ln -snf /run/secrets/quote.txt src/example/data/secret.txt \ + && rm sourcecode.tgz ### # Prepare to run ### ENV ECHO_MESSAGE="Hello World from Dockerfile" -USER cisa +USER ${CISA_USER} EXPOSE 8080/TCP VOLUME ["/var/log"] ENTRYPOINT ["example"]