#4 - CI pipeline & Dockerfile hardening: env var rename, extended logging, POSIX shell, privilege drop #5

Merged
GuillaumeHemmen merged 5 commits from 4-script-is-not-found into master 2025-05-19 11:31:46 +00:00

This PR closes #4 by renaming the GitHub Actions variable from GITHUB_REF_NAME to GIT_REF_NAME, fixing secrets and artifact destination paths, and adding detailed logging of environment variables and build actions for easier troubleshooting. It also updates the Dockerfile to run installation steps as root but switches to a non-root user for runtime, and replaces the shell with a strictly POSIX-compliant variant to improve portability and security.

#4 - Switch to POSIX-compliant shell and drop root privileges
All checks were successful
docker-dev (push): successful in 10s
docker-pr (pull_request): successful in 10s
f777a7197a
Replaced bash with sh for broader compatibility, ensuring scripts work with BusyBox/dash. Updated Dockerfile to use non-root user (UID 1000) and adjusted paths and permissions accordingly. Simplified and streamlined variable checks and logic in build.sh.
#4 - Change Dockerfile to run as root user
All checks were successful
docker-pr (pull_request): successful in 10s
docker-dev (push): successful in 11s
59791e36bb
Switched the user from UID 1000 to root (UID 0) in the Dockerfile. This change allows for operations requiring elevated privileges during container execution. Ensure any downstream implications of running as root are understood and addressed.
#4 - Add logging of environment variables and build actions
All checks were successful
docker-pr (pull_request): successful in 10s
docker-dev (push): successful in 11s
47dac6b4ef
This change introduces logging of key environment variables used during the build process, with sensitive values partially masked for security. It also provides clear messaging on whether the build includes a push to the registry, improving transparency and debugging capabilities.
Update variable name from GITHUB_REF_NAME to GIT_REF_NAME
All checks were successful
docker-dev (push): successful in 12s
docker-pr (pull_request): successful in 12s
503ef5c8df
Standardize the environment variable naming for consistency across documentation and scripts. Updated all references in README.md and build.sh, ensuring functionality remains intact.
#4 - Update secrets and destination in CI configuration
All checks were successful
docker-pr (pull_request): successful in 10s
docker-dev (push): successful in 11s
afa2e7541a
Replaced outdated secret references with `docker_username` and `access_token`. Adjusted `KANIKO_DESTINATION` to point to the correct private registry and current image structure. Ensures compatibility and correct credentials for the build process.
GuillaumeHemmen changed title from #4 - Switch to POSIX-compliant shell and drop root privileges to #4 - CI pipeline & Dockerfile hardening: env var rename, extended logging, POSIX shell, privilege drop 2025-05-19 11:31:09 +00:00
GuillaumeHemmen deleted branch 4-script-is-not-found 2025-05-19 11:31:46 +00:00
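Commit 47dac6b4ef describes logging the build's environment variables with sensitive values partially masked, and commit f777a7197a requires that build.sh run under plain POSIX sh. The following is an added example, not the repository's build.sh, showing one way to do both in sh; the variable names come from this PR, while the masking rule (first and last two characters, secrets under 8 characters fully hidden) and the `push_enabled` helper with its event argument are assumptions.

```shell
#!/bin/sh
# Added example, not the project's build.sh. Variable names GIT_REF_NAME,
# KANIKO_DESTINATION, docker_username and access_token come from the PR;
# the masking rule and the push_enabled helper are assumptions.

# mask_secret VALUE: print VALUE with its middle replaced by asterisks.
# Secrets shorter than 8 characters are fully masked so the log never
# reveals enough of a short token to reconstruct it.
mask_secret() {
    value=$1
    if [ -z "$value" ]; then
        printf '<unset>\n'
    elif [ "${#value}" -lt 8 ]; then
        printf '********\n'
    else
        first=${value%"${value#??}"}   # first two characters (POSIX expansion)
        last=${value#"${value%??}"}    # last two characters
        printf '%s****%s\n' "$first" "$last"
    fi
}

# log_build_env: print the build configuration with credentials masked.
log_build_env() {
    echo "GIT_REF_NAME       = ${GIT_REF_NAME:-<unset>}"
    echo "KANIKO_DESTINATION = ${KANIKO_DESTINATION:-<unset>}"
    echo "docker_username    = $(mask_secret "${docker_username:-}")"
    echo "access_token       = $(mask_secret "${access_token:-}")"
}

# push_enabled EVENT: return 0 when the build should push to the registry.
# Assumption: only push events (not pull_request) push, and only when both
# registry credentials are present.
push_enabled() {
    [ "$1" = "push" ] && [ -n "${docker_username:-}" ] && [ -n "${access_token:-}" ]
}

# Constructed sample values so the script runs stand-alone.
GIT_REF_NAME=master
KANIKO_DESTINATION=registry.example.invalid/project/image
docker_username=ci-bot
access_token=ghp_constructedexampletoken1234

log_build_env
if push_enabled push; then
    echo "Build will push to ${KANIKO_DESTINATION}"
else
    echo "Build only, no push to registry"
fi
```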
Reference: actions/kaniko#5