From 885591a9f4a4dcac7621ec1a1dd69f558f7a4167 Mon Sep 17 00:00:00 2001
From: Anthony Fitzroy <101649764+AntFMoJ@users.noreply.github.com>
Date: Thu, 18 Apr 2024 11:57:50 +0100
Subject: [PATCH] Migrate kubectl image from data platform (#2)

* migrate image build
* fixed container-structure-test pt.1
* Update Makefile
* update README
* Fixed linting pt.1
* Update README.md

Co-authored-by: Jacob Woffenden

---------

Co-authored-by: Gary H <26419401+Gary-H9@users.noreply.github.com>
Co-authored-by: Emterry <123941245+Emterry@users.noreply.github.com>
Co-authored-by: Jacob Woffenden
---
 .devcontainer/devcontainer.json | 2 +-
 .github/workflows/scan-image.yml | 6 +-
 Dockerfile | 75 +++++++++------------
 Makefile | 39 +++++++----
 README.md | 107 ++++++++----------------
 test/container-structure-test.yml | 18 ++---
 6 files changed, 99 insertions(+), 148 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 175f026..960da76 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,5 +1,5 @@
 {
- "name": "analytical-platform-image-build-template",
+ "name": "analytical-platform-kubectl",
 "image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
 "features": {
 "ghcr.io/devcontainers/features/docker-in-docker:2": {},
diff --git a/.github/workflows/scan-image.yml b/.github/workflows/scan-image.yml
index 697bc55..1563e75 100644
--- a/.github/workflows/scan-image.yml
+++ b/.github/workflows/scan-image.yml
@@ -26,13 +26,13 @@ jobs:
 with:
 push: false
 load: true
- tags: analytical-platform-image-build-template
+ tags: analytical-platform-kubectl
 - name: Scan Image
 id: scan_image
 uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
 with:
- image-ref: analytical-platform-image-build-template
+ image-ref: analytical-platform-kubectl
 exit-code: 1
 format: sarif
 output: trivy-results.sarif
@@ -51,7 +51,7 @@ jobs:
 id: scan_image_on_failure
 uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
 with:
- image-ref: analytical-platform-image-build-template
+ image-ref: analytical-platform-kubectl
 exit-code: 1
 format: table
 severity: CRITICAL
diff --git a/Dockerfile b/Dockerfile
index 4063e61..e8dddef 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,49 +1,38 @@ # checkov:skip=CKV_DOCKER_2:Healthcheck instructions have not been added to container images -# This image is an example base image for this template and can be replaced to fit user needs -FROM public.ecr.aws/ubuntu/ubuntu@sha256:12fb86d81bc4504d8261a91c83c54b9e5dcdf1d833ba0fe42ec9e0ee09a2b0ba +FROM docker.io/alpine:3.19.1 LABEL org.opencontainers.image.vendor="Ministry of Justice" \ - org.opencontainers.image.authors="Analytical Platform (analytical-platform@digital.justice.gov.uk)"\ - org.opencontainers.image.title="{image title}" \ - org.opencontainers.image.description="{decription}" \ - org.opencontainers.image.url="{your repo url}" - -ENV CONTAINER_USER="analyticalplatform" \ - CONTAINER_UID="1000" \ - CONTAINER_GROUP="analyticalplatform" \ - CONTAINER_GID="1000" \ - DEBIAN_FRONTEND="noninteractive" - -SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"] - -# User -RUN < -```text -├── .devcontainer -│ ├── devcontainer.json -│ └── devcontainer-lock.json -├── Dockerfile -├── .editorconfig -├── .github -│ ├── CODEOWNERS -│ ├── dependabot.yml -│ └── workflows -│ ├── build-and-test.yml -│ ├── dependency-review.yml -│ ├── release.yml -│ ├── scan-image.yml -│ └── super-linter.yml -├── .gitignore -├── LICENSE -├── Makefile -├── README.md -└── test - └── container-structure-test.yml -``` - -## Setup Instructions - -Once you've created your repository using this template, perform the following steps: - -### Update README - -Edit this README.md file to document your project accurately. Take the time to create a clear, engaging, and informative README.md file. Include information like what your project does, how to install and run it, how to contribute, and any other pertinent details. - -### Update repository description - -After you've created your repository, GitHub provides a brief description field that appears on the top of your repository's main page. This is a summary that gives visitors quick insight into the project. 
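Review bot: The new base line `+FROM docker.io/alpine:3.19.1` drops the digest pin that the removed `public.ecr.aws/ubuntu/ubuntu@sha256:12fb…` line carried, so a re-pushed `3.19.1` tag would change the image contents silently and the `scan-image.yml` results would no longer describe a fixed input; `FROM docker.io/alpine:3.19.1@sha256:<digest-placeholder>` keeps the tag readable while letting Dependabot bump the digest, and the README in this same commit already documents `docker image inspect --format='{{index .RepoDigests 0}}'` for retrieving it. The removed lines also included `SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"]`; alpine ships no bash, so if the new `RUN` steps pipe commands they need `SHELL ["/bin/ash", "-o", "pipefail", "-c"]` (or `set -o pipefail` inside the heredoc) to avoid masking upstream failures. The rest of this hunk after `RUN <` is not visible in this view, so whether a `USER` switch and pipefail are present on the new side is unconfirmed here; the companion test change expects `whoami` to return `nonroot`, which suggests the switch exists.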
Using this field to provide a succinct overview of your repository is highly recommended. - -This description and your README.md will be one of the first things people see when they visit your repository. It's a good place to make a strong, concise first impression. Remember, this is often visible in search results on GitHub and search engines, so it's also an opportunity to help people discover your project. - -### Grant Team Permissions - -Assign permissions to the appropriate Ministry of Justice teams. Ensure at least one team is granted Admin permissions. Whenever possible, assign permissions to teams rather than individual users. +This repository contains the GitHub Kubectl container image for use in the Analytical Platform. -### Read about the GitHub Repository Standards +## Running Locally -Familiarise yourself with the Ministry of Justice GitHub Repository Standards. These standards ensure consistency, maintainability, and best practices across all our repositories. +### Build -You can find the standards [here](https://operations-engineering.service.justice.gov.uk/documentation/services/repository-standards.html). - -Please read and understand these standards thoroughly and enable them when you feel comfortable. - -### Modify the GitHub Repository Standards Badge - -Once you've ensured that all the [GitHub Repository Standards](https://operations-engineering.service.justice.gov.uk/documentation/services/repository-standards.html) have been applied to your repository, it's time to update the Ministry of Justice (MoJ) Compliance Badge located in the README file. - -The badge demonstrates that your repository is compliant with MoJ's standards. Please follow these [instructions](https://operations-engineering.service.justice.gov.uk/documentation/runbooks/services/add-repo-badge.html) to modify the badge URL to reflect the status of your repository correctly. - -**Please note** the badge will not function correctly if your repository is internal or private. 
In this case, you may remove the badge from your README. - -### Manage Outside Collaborators - -To add an Outside Collaborator to the repository, follow the guidelines detailed [here](https://github.com/ministryofjustice/github-collaborators). +```bash +docker build --platform linux/amd64 --file Dockerfile --tag analytical-platform.service.justice.gov.uk/kubectl:local . +``` -### Update CODEOWNERS +### Run -(Optional) Modify the CODEOWNERS file to specify the teams or users authorized to approve pull requests. +```bash +docker run -it --rm \ + --platform linux/amd64 \ + --name analytical-platform-actions-runner \ + analytical-platform.service.justice.gov.uk/actions-runner:local +``` +## Versions -### Configure Dependabot +### Alpine -Adapt the dependabot.yml file to match your project's [dependency manager](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) and to enable [automated pull requests for package updates](https://docs.github.com/en/code-security/supply-chain-security). +Generally Dependabot does this, but the following command will return the digest: -### Dependency Review +```bash +docker pull --platform linux/amd64 docker.io/alpine:3.19.1 -If your repository is private with no GitHub Advanced Security license, remove the `.github/workflows/dependency-review.yml` file. +docker image inspect --format='{{index .RepoDigests 0}}' docker.io/alpine:3.19.1 +``` -### Dockerfile +### APT Packages -Make sure to add your own build logic to the bottom of the `Dockerfile`. +To find latest APT package versions, you can run the following: -### Tests +```bash +docker run -it --rm --platform linux/amd64 docker.io/alpine:3.19.1 -> [!NOTE] -> No application testing has been added to this template, this is to be implemented by the developer as required. +apk update -Please make sure to add any additional container structure tests needed to the `container-structure-test.yml`. 
+apk policy ${PACKAGE} # for example curl, git or gpg
+```
diff --git a/test/container-structure-test.yml b/test/container-structure-test.yml
index 8948a04..744c020 100644
--- a/test/container-structure-test.yml
+++ b/test/container-structure-test.yml
@@ -2,24 +2,24 @@ schemaVersion: 2.0.0
 containerRunOptions:
- user: "analyticalplatform"
+ user: "nonroot"
 commandTests:
- - name: "ubuntu"
+ - name: "alpine"
 command: "grep"
- args: ["DISTRIB_RELEASE", "/etc/lsb-release"]
- expectedOutput: ["DISTRIB_RELEASE=22.04"]
+ args: ["VERSION_ID", "/etc/os-release"]
+ expectedOutput: ["VERSION_ID=3.19.1"]
 - name: "whoami"
 command: "whoami"
- expectedOutput: ["analyticalplatform"]
+ expectedOutput: ["nonroot"]
 - name: "user"
 command: "id"
- args: ["--user", "analyticalplatform"]
- expectedOutput: ["1000"]
+ args: ["-u", "nonroot"]
+ expectedOutput: ["10000"]
 - name: "groups"
 command: "id"
- args: ["--groups", "analyticalplatform"]
- expectedOutput: ["100"]
+ args: ["-g", "nonroot"]
+ expectedOutput: ["10000"]
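Review bot: The added `expectedOutput: ["VERSION_ID=3.19.1"]` duplicates the tag in the Dockerfile's `FROM docker.io/alpine:3.19.1` line, so every Dependabot bump of the base image will fail this test until the value is edited by hand, and nothing in the file says the two must move together. A comment on that line, `# keep in sync with the FROM tag in Dockerfile`, makes the coupling explicit; alternatively the test could match only the major.minor prefix, `expectedOutput: ["VERSION_ID=3.19"]`, if patch-level drift is acceptable to the team. The `id -u` / `id -g` assertions on `10000` are a useful guard that the image really runs unprivileged, which is worth keeping as-is.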