Adjusted user creation in UBI 8 image

Added chown and chmod flags to COPY commands Added update step to UBI 8 Updated UBI 8 to point at Docker Hub container Removed UBI 7 container Add execute bit to definitions - Omission led to issues with scanning directory for definitions
datastax · Apr 17, 2024 · ddf52d1 · ddf52d1
1 parent 0cd2531
commit ddf52d1
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 64 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -6,6 +6,8 @@ COPY . .
 
 RUN ./gradlew copyDockerBuildCtx
 
+#############################################################
+
 # The datastax base image is not multiarch presently, so we use the openjdk
 # image as our base for arm builds instead.
 FROM eclipse-temurin:8-jdk as cass-config-builder
@@ -30,7 +32,9 @@ ENTRYPOINT ["/usr/local/bin/entrypoint"]
 
 USER ${USER_UID}
 
-FROM registry.access.redhat.com/ubi7/ubi-minimal:7.9 AS builder-ubi
+#############################################################
+
+FROM redhat/ubi8-minimal:8.9 AS builder-ubi
 
 # Update the builder packages and create user
 RUN microdnf update && rm -rf /var/cache/yum && \
@@ -39,8 +43,8 @@ RUN microdnf update && rm -rf /var/cache/yum && \
 
 #############################################################
 
-FROM registry.access.redhat.com/ubi7/ubi-minimal:7.9 as cass-config-builder-ubi
-
+# Build the UBI8 image
+FROM redhat/ubi8-minimal:8.9 as cass-config-builder-ubi
 LABEL maintainer="DataStax, Inc <info@datastax.com>"
 LABEL name="cass-config-builder"
 LABEL vendor="DataStax, Inc"
@@ -61,51 +65,16 @@ COPY --from=builder-ubi /etc/group /etc/group
 COPY --from=builder-ubi /etc/gshadow /etc/gshadow
 
 # Install the uber jar
-COPY --from=builder build/docker/*.jar /usr/local/bin/
+COPY --from=builder --chown=cassandra:root --chmod=444 build/docker/*.jar /usr/local/bin/
 
 # Install definition files
-COPY --from=builder build/docker/definitions /definitions
-
-COPY --from=builder build/docker/bin/* /usr/local/bin/
-
-COPY --from=builder build/docker/LICENSE /licenses/
-
-# Fix permissions
-RUN chown cassandra:root -Rv /usr/local/bin/* && \
-    chmod -Rv g+x /usr/local/bin
-
-USER cassandra:root
-
-ENV PATH=$PATH:/usr/local/bin
-
-ENTRYPOINT ["/usr/local/bin/entrypoint"]
-
-# Build the UBI8 image
-FROM registry.access.redhat.com/ubi8/openjdk-8:1.18 as cass-config-builder-ubi-8
-LABEL maintainer="DataStax, Inc <info@datastax.com>"
-LABEL name="cass-config-builder"
-LABEL vendor="DataStax, Inc"
-LABEL release="1.0.0"
-LABEL summary="Configuration templating engine for Apache Cassandra®."
-LABEL description="Configuration templating engine for Apache Cassandra®. Powers the configuration of containers deployed via the DataStax Kubernetes Operator for Apache Cassandra."
-
-# Create user
-USER root
-RUN microdnf install shadow-utils && useradd -r -s /bin/false -U -G root cassandra
-
-# Install the uber jar
-COPY --from=builder build/docker/*.jar /usr/local/bin/
-
-# Install definition files
-COPY --from=builder build/docker/definitions /definitions
-
-COPY --from=builder build/docker/bin/* /usr/local/bin/
+COPY --from=builder --chown=cassandra:root --chmod=555 build/docker/definitions /definitions
 
-COPY --from=builder build/docker/LICENSE /licenses/
+# Install scripts
+COPY --from=builder --chown=cassandra:root --chmod=555 build/docker/bin/* /usr/local/bin/
 
-# Fix permissions
-RUN chown cassandra:root -Rv /usr/local/bin/* && \
-    chmod -Rv g+x /usr/local/bin
+# Install licenses
+COPY --from=builder --chown=cassandra:root --chmod=444 build/docker/LICENSE /licenses/
 
 USER cassandra:root
 

diff --git a/scripts/build-push-images.sh b/scripts/build-push-images.sh
@@ -16,8 +16,7 @@ RELEASE_VERSION="${VERSION_NUMBER}-${VERSION_DATE}"
 GH_REPOSITORY="ghcr.io/${GITHUB_REPO_OWNER}/cass-config-builder/cass-config-builder"
 
 GH_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}")
-GH_UBI_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi7")
-GH_UBI8_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi8")
+GH_UBI_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-ubi")
 GH_ARM64_TAGS=(--tag "${GH_REPOSITORY}:${RELEASE_VERSION}-arm64")
 
 LABELS=(
@@ -45,11 +44,6 @@ UBI_ARGS=(
   --target cass-config-builder-ubi
 )
 
-UBI8_ARGS=(
-  "${COMMON_ARGS[@]}"
-  --target cass-config-builder-ubi-8
-)
-
 # GitHub packages does not presently support multiarch images, so we
 # will have to create independent tags for each arch. This feature is
 # coming though:
@@ -75,19 +69,7 @@ docker buildx build --load \
   --platform linux/amd64 \
   .
 
-docker buildx build --load \
-  "${GH_UBI8_TAGS[@]}" \
-  "${UBI8_ARGS[@]}" \
-  --platform linux/amd64 \
-  .
-
-docker buildx build --load \
-  "${GH_UBI8_TAGS[@]}" \
-  "${UBI8_ARGS[@]}" \
-  --platform linux/arm64 \
-  .
-
-TAGS_TO_PUSH=("${GH_ARM64_TAGS[@]}" "${GH_TAGS[@]}" "${GH_UBI_TAGS[@]}" "${GH_UBI8_TAGS[@]}")
+TAGS_TO_PUSH=("${GH_ARM64_TAGS[@]}" "${GH_TAGS[@]}" "${GH_UBI_TAGS[@]}")
 echo "Pushing tags: " "${TAGS_TO_PUSH[@]}"
 
 # Note: Every even index of TAGS_TO_PUSH will be the string '--tag'