From d99b7c7f0b89d4068e24b73a69f51c5c3fa2fd9b Mon Sep 17 00:00:00 2001 From: Alexandru Gologan Date: Fri, 15 Mar 2024 16:43:32 +0200 Subject: [PATCH] Switch base image to distroless --- Dockerfile | 23 ++--------------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/Dockerfile b/Dockerfile index e7a9c934d..52269895c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------------ # Builder Stage # ------------------------------------------------------------------------------ -FROM golang:1.20-bullseye AS build +FROM golang:1.20-bookworm AS build WORKDIR /build @@ -14,31 +14,12 @@ COPY pkg/ pkg/ COPY .git/ . RUN make build -# ------------------------------------------------------------------------------ -# Fetch signing key -# ------------------------------------------------------------------------------ -FROM debian:bullseye-slim AS keyring -ADD https://www.postgresql.org/media/keys/ACCC4CF8.asc keyring.asc -RUN apt-get update && \ - apt-get install -qq --no-install-recommends gpg -RUN gpg -o keyring.pgp --dearmor keyring.asc - # ------------------------------------------------------------------------------ # Release Stage # ------------------------------------------------------------------------------ -FROM debian:bullseye-slim - -ARG keyring=/usr/share/keyrings/postgresql-archive-keyring.pgp -COPY --from=keyring /keyring.pgp $keyring -RUN . /etc/os-release && \ - echo "deb [signed-by=${keyring}] http://apt.postgresql.org/pub/repos/apt/ ${VERSION_CODENAME}-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \ - apt-get update && \ - apt-get install -qq --no-install-recommends ca-certificates openssl netcat curl postgresql-client +FROM gcr.io/distroless/base-debian12 COPY --from=build /build/pgweb /usr/bin/pgweb -RUN useradd --uid 1000 --no-create-home --shell /bin/false pgweb -USER pgweb - EXPOSE 8081 ENTRYPOINT ["/usr/bin/pgweb", "--bind=0.0.0.0", "--listen=8081"]