Update Dockerfile to be OpenShift restricted SCC compliant #891

Closed
wants to merge 2 commits into from

Homopatrol

Set ARG for GID=0.
Also specifying the group ownership for this through chmod -R g=u and chown -R ${USERNAME}:0

@k3rnelpan1c-dev
Contributor

Hi Pandora, could you check if Dependency Track 4.4.0, which includes #1303, is sufficient for you?

ARG WAR_FILENAME=dependency-track-apiserver.war

# Create the directory where Dependency-Track will store its data (${DATA_DIR}) and the external library directory (${EXTLIB_DIR})
# Create a user and assign home directory to a ${DATA_DIR}
# Ensure UID 1000 & GID 1000 own all the needed directories
RUN mkdir -p -m 770 ${DATA_DIR} \
&& adduser -D -h ${DATA_DIR} -u 1000 ${USERNAME} \
&& chown -R ${USERNAME}:${USERNAME} ${DATA_DIR}
&& chown -R ${USERNAME}:0 ${DATA_DIR}
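Review bot: The comment "Ensure UID 1000 & GID 1000 own all the needed directories" above the RUN step no longer matches the new chown line, which assigns group 0 to ${DATA_DIR}. Update the comment to state that the group is 0 and that this is for arbitrary user IDs, so the literal is not later changed back to 1000 by someone reading the comment as authoritative.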

Why not :${GID} - otherwise that new parameter isn't even used anywhere?

Contributor

@k3rnelpan1c-dev k3rnelpan1c-dev Mar 21, 2022

The reason for this is to support arbitrary user IDs, such as you can find in environments such as OpenShift.
You can read up on it in the OpenShift Documentation.

Regardless, since #1303 was merged, which has this kind of behaviour already incorporated, this PR is redundant, I think.

Edit: I see why you asked in the first place now 🤦‍♂️ (still I think this PR has been made redundant, now that the official DT image already includes support for arbitrary user IDs)
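An added example, not part of this PR or the project's code: a shell check that a directory tree has the two properties discussed here for arbitrary user IDs, namely the expected group owner and group mode bits that cover the owner's bits (the result of `chmod -R g=u`). The function name, demo paths and modes are constructed for illustration, and GNU `find` and `stat` are assumed.

```shell
#!/bin/sh
# Added example: audit a tree for arbitrary-UID readiness (GNU find/stat assumed).
# check_arbitrary_uid_ready DIR [GID]   (hypothetical helper name)
# Prints one finding per line; returns 0 when the tree is clean, 1 otherwise.
check_arbitrary_uid_ready() {
    dir=$1
    want_gid=${2:-0}   # OpenShift's random UID is always a member of GID 0
    findings=$(
        # Symlinks are skipped: their own mode bits are not used for access checks.
        # Paths containing newlines are not handled.
        find "$dir" ! -type l -exec stat -c '%g %a %n' {} + |
        while read -r gid mode path; do
            perms=$(printf '%04d' "$mode")    # "770" -> "0770", "2775" stays
            u=${perms#?};  u=${u%??}          # owner digit
            g=${perms#??}; g=${g%?}           # group digit
            [ "$gid" = "$want_gid" ] ||
                echo "group is $gid, want $want_gid: $path"
            # chmod g=u copies owner bits to the group; flag any owner bit
            # the group is missing.
            [ $(( u & ~g & 7 )) -eq 0 ] ||
                echo "group bits $g lack owner bits $u: $path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree; the GID is taken from the tree itself so the demo
# runs unprivileged. In an image build you would pass 0 (the default).
demo=$(mktemp -d)
demo_gid=$(stat -c %g "$demo")
mkdir "$demo/data"; touch "$demo/data/app.war"
chmod 750 "$demo" "$demo/data"; chmod 640 "$demo/data/app.war"
echo "before chmod g=u:"; check_arbitrary_uid_ready "$demo" "$demo_gid" || true
chmod -R g=u "$demo"
echo "after chmod g=u:";  check_arbitrary_uid_ready "$demo" "$demo_gid" && echo "clean"
rm -rf "$demo"
```

Run as the last step of an image build or in CI against the built image's data and application directories; a non-zero exit means a path would be inaccessible to a container started with a random UID in group 0.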


# Copy the compiled WAR to the application directory created above
# Automatically creates the $APP_DIR directory
COPY --chown=1000 ./target/${WAR_FILENAME} ${APP_DIR}
COPY --chown=${USERNAME}:0 ./target/${WAR_FILENAME} ${APP_DIR}
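Review bot: On the new COPY --chown=${USERNAME}:0 line, group ownership by itself does not make the WAR usable by an arbitrary UID; that depends on the group mode bits of the copied file and of the automatically created ${APP_DIR}. The description mentions chmod -R g=u, but no such step is visible in these hunks, so confirm it is applied to ${APP_DIR} after this COPY, or that ./target/${WAR_FILENAME} is already group-readable when it is copied.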

Same as above ${USERNAME}:${GID}?

@nscuro
Member

nscuro commented Jun 9, 2022

Superseded by #1303.

@nscuro nscuro closed this Jun 9, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 10, 2022