#5 - #4 - CI pipeline & Dockerfile hardening: env var rename, extended logging, POSIX shell, privilege drop - actions/kaniko

GuillaumeHemmen commented

2025-05-19 10:47:50 +00:00

Owner

This PR closes #4 by renaming the GitHub Actions variable from GITHUB_REF_NAME to GIT_REF_NAME, fixing secrets and artifact destination paths, and adding detailed logging of environment variables and build actions for easier troubleshooting. It also updates the Dockerfile to run installation steps as root but switches to a non-root user for runtime, and replaces the shell with a strictly POSIX-compliant variant to improve portability and security.

GuillaumeHemmen added 1 commit

2025-05-19 10:47:50 +00:00

#4 - Switch to POSIX-compliant shell and drop root privileges

/ docker-dev (push) Successful in 10s

Details

/ docker-pr (pull_request) Successful in 10s

Details

f777a7197a

Replaced bash with sh for broader compatibility, ensuring scripts work with BusyBox/dash. Updated Dockerfile to use non-root user (UID 1000) and adjusted paths and permissions accordingly. Simplified and streamlined variable checks and logic in build.sh.

GuillaumeHemmen added 1 commit

2025-05-19 10:56:01 +00:00

#4 - Change Dockerfile to run as root user

/ docker-pr (pull_request) Successful in 10s

Details

/ docker-dev (push) Successful in 11s

Details

59791e36bb

Switched the user from UID 1000 to root (UID 0) in the Dockerfile. This change allows for operations requiring elevated privileges during container execution. Ensure any downstream implications of running as root are understood and addressed.

GuillaumeHemmen added 1 commit

2025-05-19 11:18:18 +00:00

#4 - Add logging of environment variables and build actions

/ docker-pr (pull_request) Successful in 10s

Details

/ docker-dev (push) Successful in 11s

Details

47dac6b4ef

This change introduces logging of key environment variables used during the build process, with sensitive values partially masked for security. It also provides clear messaging on whether the build includes a push to the registry, improving transparency and debugging capabilities.

GuillaumeHemmen added 1 commit

2025-05-19 11:21:24 +00:00

Update variable name from GITHUB_REF_NAME to GIT_REF_NAME

/ docker-dev (push) Successful in 12s

Details

/ docker-pr (pull_request) Successful in 12s

Details

503ef5c8df

Standardize the environment variable naming for consistency across documentation and scripts. Updated all references in README.md and build.sh, ensuring functionality remains intact.

GuillaumeHemmen added 1 commit

2025-05-19 11:28:53 +00:00

#4 - Update secrets and destination in CI configuration

/ docker-pr (pull_request) Successful in 10s

Details

/ docker-dev (push) Successful in 11s

Details

afa2e7541a

Replaced outdated secret references with `docker_username` and `access_token`. Adjusted `KANIKO_DESTINATION` to point to the correct private registry and current image structure. Ensures compatibility and correct credentials for the build process.

GuillaumeHemmen changed title from ~~#4 - Switch to POSIX-compliant shell and drop root privileges~~ to #4 - CI pipeline & Dockerfile hardening: env var rename, extended logging, POSIX shell, privilege drop

2025-05-19 11:31:09 +00:00

GuillaumeHemmen merged commit a719e4dfbc into master

2025-05-19 11:31:46 +00:00

GuillaumeHemmen deleted branch 4-script-is-not-found

2025-05-19 11:31:46 +00:00

GuillaumeHemmen referenced this pull request from a commit

2025-05-19 11:31:47 +00:00

#4 - CI pipeline & Dockerfile hardening: env var rename, extended logging, POSIX shell, privilege drop (#5)

Rows
Columns

#4 - CI pipeline & Dockerfile hardening: env var rename, extended logging, POSIX shell, privilege drop #5