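# Build stage: assembles a minimal Ubuntu 24.04 root filesystem under /rootfs
# using chisel. The final stage copies only /rootfs out of this stage.
# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest would make the toolchain that produces /rootfs reproducible.
FROM amd64/buildpack-deps:noble-curl AS chisel

# NOTE(review): presumably `file` is required by chisel-wrapper -- confirm.
RUN apt-get update && apt-get install -y file

# Download chisel v1.0.0 and check it against the pinned SHA-384 before it is
# unpacked; a mismatch makes sha384sum fail and aborts the build.
# The checksum line uses the canonical "<hash>  <file>" two-space form.
# NOTE(review): chisel-wrapper is fetched by tag only and marked executable
# with no digest check, yet the later RUN executes it in this stage and it
# drives what is written into /rootfs. Pin it to a commit and verify a digest
# the same way the chisel tarball is verified.
RUN curl -fSL --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.0.0/chisel_v1.0.0_linux_amd64.tar.gz \
    && chisel_sha384='655ca8f45e6f052ab60a4acfeca5017c7d992035e0e4a01f78881c0fe45f2103ce2f18a352ddc8f5fb88bfdd1ed8cc6b' \
    && echo "$chisel_sha384  chisel.tar.gz" | sha384sum -c - \
    && tar -xzf chisel.tar.gz -C /usr/bin/ chisel \
    && curl -fSL --output /usr/bin/chisel-wrapper https://raw.githubusercontent.com/canonical/rocks-toolbox/v1.1.2/chisel-wrapper \
    && chmod 755 /usr/bin/chisel-wrapper

# Create the unprivileged 'app' account (UID/GID 1654, shell /bin/false) in
# the build stage, pre-create its home directory inside /rootfs, and write
# only the 'root' and 'app' entries into the rootfs passwd and group files so
# no other account from the build image reaches the final image.
RUN groupadd \
        --gid=1654 \
        app \
    && useradd -l \
        --uid=1654 \
        --gid=1654 \
        --shell /bin/false \
        app \
    && install -d -m 0755 -o 1654 -g 1654 "/rootfs/home/app" \
    && mkdir -p "/rootfs/etc" \
    && rootOrAppRegex='^\(root\|app\):' \
    # The pattern is quoted so the shell passes it to grep as a single, unexpanded argument
    && grep "$rootOrAppRegex" /etc/passwd > "/rootfs/etc/passwd" \
    && grep "$rootOrAppRegex" /etc/group > "/rootfs/etc/group"

# Install only the listed package slices into /rootfs and have chisel-wrapper
# write a dpkg status file for them.
# NOTE(review): presumably the status file exists so package scanners can
# inventory the image contents -- confirm.
RUN mkdir -p /rootfs/var/lib/dpkg/ \
    && chisel-wrapper --generate-dpkg-status /rootfs/var/lib/dpkg/status -- \
        --release ubuntu-24.04 --root /rootfs \
            base-files_base \
            base-files_release-info \
            ca-certificates_data \
            libc6_libs \
            libgcc-s1_libs \
            libssl3t64_libs \
            libstdc++6_libs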
# Runtime stage: starts from an empty image and receives only the root
# filesystem assembled under /rootfs in the 'chisel' stage.
FROM scratch
COPY --from=chisel /rootfs /

ENV \
    # Numeric UID of the unprivileged 'app' user
    APP_UID=1654 \
    # Web servers, when present, bind to port 8080
    ASPNETCORE_HTTP_PORTS=8080 \
    # Lets the runtime detect that it is running in a container
    DOTNET_RUNNING_IN_CONTAINER=true \
    # The ICU package is not included, so invariant mode is set (see https://github.com/dotnet/announcements/issues/20)
    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true

# Workaround for https://github.com/moby/moby/issues/38710:
# copy /home/app again with ownership set explicitly to the app UID/GID.
COPY --from=chisel --chown=${APP_UID}:${APP_UID} /rootfs/home/app /home/app

# Run as the non-root 'app' user, referenced by numeric UID.
USER ${APP_UID}