Merge pull request #58 from datastax/dockerfile_updates

Adjusted user creation in UBI 8 image
datastax · Apr 18, 2024 · 0893875 · 0893875
2 parents 0cd2531 + d801fbb
commit 0893875
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 70 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -6,6 +6,9 @@ COPY . .
 
 RUN ./gradlew copyDockerBuildCtx
 
+
+#############################################################
+
 # The datastax base image is not multiarch presently, so we use the openjdk
 # image as our base for arm builds instead.
 FROM eclipse-temurin:8-jdk as cass-config-builder
@@ -30,17 +33,23 @@ ENTRYPOINT ["/usr/local/bin/entrypoint"]
 
 USER ${USER_UID}
 
-FROM registry.access.redhat.com/ubi7/ubi-minimal:7.9 AS builder-ubi
+#############################################################
+
+FROM redhat/ubi8-minimal:8.9 AS builder-ubi
 
 # Update the builder packages and create user
 RUN microdnf update && rm -rf /var/cache/yum && \
-    microdnf install shadow-utils && microdnf clean all && \
+    microdnf install shadow-utils findutils && microdnf clean all && \
     useradd -r -s /bin/false -U -G root cassandra
 
-#############################################################
+COPY --from=builder --chown=cassandra:root build/docker/definitions /definitions
+
+RUN find /definitions -type d -exec chmod 0775 {} \;
 
-FROM registry.access.redhat.com/ubi7/ubi-minimal:7.9 as cass-config-builder-ubi
+#############################################################
 
+# Build the UBI8 image
+FROM redhat/ubi8-minimal:8.9 as cass-config-builder-ubi
 LABEL maintainer="DataStax, Inc <info@datastax.com>"
 LABEL name="cass-config-builder"
 LABEL vendor="DataStax, Inc"
@@ -54,58 +63,20 @@ RUN microdnf update && \
     microdnf install java-1.8.0-openjdk-headless && \
     microdnf clean all
 
-# Copy user accounts information
-COPY --from=builder-ubi /etc/passwd /etc/passwd
-COPY --from=builder-ubi /etc/shadow /etc/shadow
-COPY --from=builder-ubi /etc/group /etc/group
-COPY --from=builder-ubi /etc/gshadow /etc/gshadow
-
-# Install the uber jar
-COPY --from=builder build/docker/*.jar /usr/local/bin/
-
-# Install definition files
-COPY --from=builder build/docker/definitions /definitions
-
-COPY --from=builder build/docker/bin/* /usr/local/bin/
-
-COPY --from=builder build/docker/LICENSE /licenses/
-
-# Fix permissions
-RUN chown cassandra:root -Rv /usr/local/bin/* && \
-    chmod -Rv g+x /usr/local/bin
-
-USER cassandra:root
-
-ENV PATH=$PATH:/usr/local/bin
-
-ENTRYPOINT ["/usr/local/bin/entrypoint"]
-
-# Build the UBI8 image
-FROM registry.access.redhat.com/ubi8/openjdk-8:1.18 as cass-config-builder-ubi-8
-LABEL maintainer="DataStax, Inc <info@datastax.com>"
-LABEL name="cass-config-builder"
-LABEL vendor="DataStax, Inc"
-LABEL release="1.0.0"
-LABEL summary="Configuration templating engine for Apache Cassandra®."
-LABEL description="Configuration templating engine for Apache Cassandra®. Powers the configuration of containers deployed via the DataStax Kubernetes Operator for Apache Cassandra."
-
-# Create user
-USER root
-RUN microdnf install shadow-utils && useradd -r -s /bin/false -U -G root cassandra
+# Copy user account information
+COPY --from=builder-ubi /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/
 
 # Install the uber jar
-COPY --from=builder build/docker/*.jar /usr/local/bin/
+COPY --from=builder --chown=cassandra:root build/docker/*.jar /usr/local/bin/
 
 # Install definition files
-COPY --from=builder build/docker/definitions /definitions
-
-COPY --from=builder build/docker/bin/* /usr/local/bin/
+COPY --from=builder-ubi --chown=cassandra:root /definitions /definitions
 
-COPY --from=builder build/docker/LICENSE /licenses/
+# Install scripts
+COPY --from=builder --chown=cassandra:root build/docker/bin/* /usr/local/bin/
 
-# Fix permissions
-RUN chown cassandra:root -Rv /usr/local/bin/* && \
-    chmod -Rv g+x /usr/local/bin
+# Install licenses
+COPY --from=builder --chown=cassandra:root build/docker/LICENSE /licenses/
 
 USER cassandra:root
 

diff --git a/scripts/build-push-images.sh b/scripts/build-push-images.sh
@@ -16,8 +16,7 @@ RELEASE_VERSION="${VERSION_NUMBER}-${VERSION_DATE}"
 GH_REPOSITORY="ghcr.io/${GITHUB_REPO_OWNER}/cass-config-builder/cass-config-builder"
 
 GH_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}")
-GH_UBI_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi7")
-GH_UBI8_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi8")
+GH_UBI_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi")
 GH_ARM64_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-arm64")
 
 LABELS=(
@@ -45,11 +44,6 @@ UBI_ARGS=(
   --target cass-config-builder-ubi
 )
 
-UBI8_ARGS=(
-  "${COMMON_ARGS[@]}"
-  --target cass-config-builder-ubi-8
-)
-
 # GitHub packages does not presently support multiarch images, so we
 # will have to create independent tags for each arch. This feature is
 # coming though:
@@ -75,19 +69,7 @@ docker buildx build --load \
   --platform linux/amd64 \
   .
 
-docker buildx build --load \
-  "${GH_UBI8_TAGS[@]}" \
-  "${UBI8_ARGS[@]}" \
-  --platform linux/amd64 \
-  .
-
-docker buildx build --load \
-  "${GH_UBI8_TAGS[@]}" \
-  "${UBI8_ARGS[@]}" \
-  --platform linux/arm64 \
-  .
-
-TAGS_TO_PUSH=("${GH_ARM64_TAGS[@]}" "${GH_TAGS[@]}" "${GH_UBI_TAGS[@]}" "${GH_UBI8_TAGS[@]}")
+TAGS_TO_PUSH=("${GH_ARM64_TAGS[@]}" "${GH_TAGS[@]}" "${GH_UBI_TAGS[@]}")
 echo "Pushing tags: " "${TAGS_TO_PUSH[@]}"
 
 # Note: Every even index of TAGS_TO_PUSH will be the string '--tag'