ci: Use distroless container as runtime container

Polimec · Feb 14, 2023 · 97aea40 · 97aea40
1 parent f0cec4c
commit 97aea40
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 12 deletions.
diff --git a/.containerignore → .dockerignore b/.containerignore → .dockerignore
diff --git a/Containerfile → Dockerfile b/Containerfile → Dockerfile
@@ -6,21 +6,10 @@ COPY . /polimec
 RUN cargo build --locked --release
 
 # This is the 2nd stage: a very small image where we copy the Polkadot binary."
-FROM docker.io/library/ubuntu:20.04
+FROM gcr.io/distroless/cc
 ARG PACKAGE
 COPY --from=builder /polimec/target/release/$PACKAGE /usr/local/bin/polimec
 
-RUN useradd -m -u 1000 -U -s /bin/sh -d /polimec polimec && \
-	mkdir -p /data /polimec/.local/share && \
-	chown -R polimec:polimec /data && \
-	ln -s /data /polimec/.local/share/polimec && \
-# unclutter and minimize the attack surface
-	rm -rf /usr/bin /usr/sbin && \
-# check if executable works in this container
-	/usr/local/bin/polimec --version
-
-USER polimec
-
 EXPOSE 30333 9933 9944 9615
 VOLUME ["/data"]