Use rootless scratch containers for production Docker images #4004

Merged
merged 14 commits into from
Feb 12, 2024

Conversation

ahmethakanbesel
Contributor

@ahmethakanbesel ahmethakanbesel commented Jan 23, 2024

Description

Created a non-root user for the production container image.

Closes #3992.

Readiness checklist

  • I added/updated unit tests (and they pass).
  • I added/updated integration/compatibility tests (and they pass).
  • I added/updated comments and checked rendering.
  • I made spot refactorings.
  • I updated user documentation.
  • I ran task all, and it passed.
  • I ensured that PR title is good enough for the changelog.
  • (for maintainers only) I set Reviewers (@FerretDB/core), Milestone (Next), Labels, Project and project's Sprint fields.
  • I marked all done items in this checklist.

@CLAassistant

CLAassistant commented Jan 23, 2024

CLA assistant check
All committers have signed the CLA.

@AlekSi AlekSi self-assigned this Jan 24, 2024
@AlekSi AlekSi added code/chore Code maintenance improvements trust PRs that can access Actions secrets packages PRs that should build packages labels Jan 29, 2024
@AlekSi
Member

AlekSi commented Jan 29, 2024

@ahmethakanbesel Please sign our CLA by clicking a button in that comment: #4004 (comment)

codecov bot commented Jan 29, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (b00e27c) 75.54% compared to head (1f0a490) 75.38%.

@@            Coverage Diff             @@
##             main    #4004      +/-   ##
==========================================
- Coverage   75.54%   75.38%   -0.16%     
==========================================
  Files         342      342              
  Lines       21809    21809              
==========================================
- Hits        16475    16441      -34     
- Misses       4041     4066      +25     
- Partials     1293     1302       +9     

see 11 files with indirect coverage changes

Flag Coverage Δ
filter-true 67.55% <ø> (-0.18%) ⬇️
hana-1 14.69% <ø> (ø)
integration 67.55% <ø> (-0.18%) ⬇️
mongodb-1 4.81% <ø> (ø)
postgresql-1 ?
postgresql-2 46.61% <ø> (+0.02%) ⬆️
postgresql-3 47.81% <ø> (ø)
sqlite-1 48.93% <ø> (+0.08%) ⬆️
sqlite-2 45.70% <ø> (ø)
sqlite-3 46.97% <ø> (-0.06%) ⬇️
unit 32.52% <ø> (ø)

Flags with carried forward coverage won't be shown.

@ahmethakanbesel
Contributor Author

> @ahmethakanbesel Please sign our CLA by clicking a button in that comment: #4004 (comment)

Signed.

@AlekSi AlekSi self-requested a review January 30, 2024 09:45
@AlekSi AlekSi changed the title Create a non-root user for production Docker images Use rootless scratch containers for production Docker images Jan 31, 2024
Member

@AlekSi AlekSi left a comment

By the way, do we need a group for that user?

build/docker/passwd (outdated, resolved)
@AlekSi AlekSi added this to the Next milestone Jan 31, 2024
@AlekSi AlekSi removed trust PRs that can access Actions secrets packages PRs that should build packages labels Jan 31, 2024
@AlekSi
Member

AlekSi commented Feb 5, 2024

@ahmethakanbesel, please don't forget to re-request a review; otherwise, the PR will not show up in our dashboards. https://github.com/FerretDB/FerretDB/blob/main/CONTRIBUTING.md#submitting-pr

@AlekSi AlekSi enabled auto-merge (squash) February 12, 2024 15:54
@AlekSi AlekSi added trust PRs that can access Actions secrets packages PRs that should build packages not ready Issues that are not ready to be worked on; PRs that should skip CI and removed not ready Issues that are not ready to be worked on; PRs that should skip CI labels Feb 12, 2024
@AlekSi AlekSi requested review from a team, henvic, rumyantseva, chilagrow and noisersup February 12, 2024 15:57
@AlekSi AlekSi merged commit b4b9813 into FerretDB:main Feb 12, 2024
26 of 27 checks passed
Labels
code/chore Code maintenance improvements packages PRs that should build packages trust PRs that can access Actions secrets
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

Use non-privileged scratch for production Docker images
4 participants