kaniko/Dockerfile
Guillaume B.B. Van Hemmen a719e4dfbc - CI pipeline & Dockerfile hardening: env var rename, extended logging, POSIX shell, privilege drop ()
This PR closes  by renaming the GitHub Actions variable from GITHUB_REF_NAME to GIT_REF_NAME, fixing secrets and artifact destination paths, and adding detailed logging of environment variables and build actions for easier troubleshooting. It also updates the Dockerfile to run installation steps as root but switches to a non-root user for runtime, and replaces the shell with a strictly POSIX-compliant variant to improve portability and security.

Reviewed-on: 
Co-authored-by: Guillaume B.B. Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com>
Co-committed-by: Guillaume B.B. Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com>
2025-05-19 11:31:45 +00:00


# syntax=docker/dockerfile:1.4
###############################################################################
# Custom Kaniko builder
#
# Base image : gcr.io/kaniko-project/executor:debug
# Maintainer : Guillaume "B.B" Van Hemmen <guillaume@van-hemmen.com>
# Repository : https://git.van-hemmen.com/actions/kaniko
###############################################################################
FROM gcr.io/kaniko-project/executor:debug
#-----------------------------------------------------------------------------
# Build-time args (optionally provided via --build-arg / Kaniko flags)
#-----------------------------------------------------------------------------
ARG BUILD_DATE
ARG VCS_REF
ARG VERSION
#-----------------------------------------------------------------------------
# OCI / Docker annotations
#-----------------------------------------------------------------------------
LABEL \
org.opencontainers.image.title="Kaniko Builder" \
org.opencontainers.image.description="Fork of Google's Kaniko debug image with build.sh as entrypoint" \
org.opencontainers.image.url="https://git.van-hemmen.com/actions/kaniko" \
org.opencontainers.image.source="https://git.van-hemmen.com/actions/kaniko" \
org.opencontainers.image.version="${VERSION:-unknown}" \
org.opencontainers.image.created="${BUILD_DATE:-unknown}" \
org.opencontainers.image.revision="${VCS_REF:-unknown}" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.authors="Guillaume \"B.B\" Van Hemmen <guillaume@van-hemmen.com>" \
maintainer="Guillaume \"B.B\" Van Hemmen <guillaume@van-hemmen.com>"
#-----------------------------------------------------------------------------
# Copy artefacts (COPY --chmod already makes the wrapper executable)
#-----------------------------------------------------------------------------
COPY --chmod=0755 build.sh /bin/build.sh
COPY LICENSE /LICENSE
# Drop root privileges for runtime (UID 1000 exists in the base image);
# everything above this line still runs as root
USER 1000
#-----------------------------------------------------------------------------
# Runtime entrypoint
#-----------------------------------------------------------------------------
ENTRYPOINT ["/bin/build.sh"]
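The commit message describes dropping root for runtime, and a comment-versus-instruction mismatch around USER is easy to miss in review. The following POSIX sh CI gate, added here as an example and not code from the kaniko repository, reads a Dockerfile, reports the effective runtime user and fails when it is root; the sample Dockerfile it checks is constructed.

```shell
#!/bin/sh
# Added example, not code from the kaniko repository: a POSIX sh gate for CI
# that reports the effective runtime user of a Dockerfile and fails when it
# is root. Docker's default when no USER instruction exists is root, and
# "USER 0" or "USER root" keeps root even when a comment says otherwise.

# Print the value of the last USER instruction read from stdin, or "root"
# when there is none. Trailing whitespace is stripped.
dockerfile_runtime_user() {
    user=$(sed -n 's/^[[:space:]]*[Uu][Ss][Ee][Rr][[:space:]]\{1,\}//p' | tail -n 1)
    user=$(printf '%s' "$user" | sed 's/[[:space:]]*$//')
    if [ -n "$user" ]; then printf '%s\n' "$user"; else printf 'root\n'; fi
}

# Succeed when a USER value ("1000", "1000:1000", "app") is non-root;
# fail for UID 0, the name "root", or an empty value.
is_nonroot_user() {
    uid=${1%%:*}
    case "$uid" in
        0|root|'') return 1 ;;
        *) return 0 ;;
    esac
}

# Read a Dockerfile from stdin; exit 0 when its runtime user is non-root.
check_dockerfile() {
    u=$(dockerfile_runtime_user)
    if is_nonroot_user "$u"; then
        echo "OK: runtime user is '$u'"
    else
        echo "FAIL: runtime user is '$u' (root)"
        return 1
    fi
}

# Constructed sample: the comment announces a privilege drop, but USER 0
# selects root, so the gate must fail.
check_dockerfile <<'EOF' || true
FROM gcr.io/kaniko-project/executor:debug
COPY --chmod=0755 build.sh /bin/build.sh
# Drop root privileges (UID 1000 exists in the base image)
USER 0
ENTRYPOINT ["/bin/build.sh"]
EOF
```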