Commit 66a5b0f

fix: don't use adduser and addgroup for docker images (#3344)

* fix: don't use adduser and addgroup for docker images
* Revert "fix: Remove alternative image architectures until we virtualize (#3336)"

This reverts commit 00c5116.

1 parent 8f3727d commit 66a5b0f

3 files changed: +31 -14 lines changed

‎.github/workflows/release.yaml

Lines changed: 1 addition & 1 deletion
@@ -102,7 +102,7 @@ jobs:
102102
103103
# build and (maybe) push Docker images for each architecture
104104
images=()
105-
for arch in amd64; do
105+
for arch in amd64 armv7 arm64; do
106106
img="$(
107107
./scripts/build_docker.sh \
108108
${{ (!github.event.inputs.dry_run && !github.event.inputs.snapshot) && '--push' || '' }} \
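
Review bot: The changed `for arch in amd64 armv7 arm64; do` line re-enables armv7 and arm64 without anything in this step checking that each produced image matches its target platform. Since the images are assembled on the host without running anything inside them, consider inspecting each built image's architecture (for example with `docker image inspect`) before the `--push` branch is taken, so a mislabelled armv7 or arm64 image fails the release instead of being published.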

‎Dockerfile

Lines changed: 10 additions & 6 deletions
@@ -1,4 +1,8 @@
1-
FROM alpine
1+
# This is the multi-arch Dockerfile used for Coder. Since it's multi-arch and
2+
# cross-compiled, it cannot have ANY "RUN" commands. All binaries are built
3+
# using the go toolchain on the host and then copied into the build context by
4+
# scripts/build_docker.sh.
5+
FROM alpine:latest
26

37
# LABEL doesn't add any real layers so it's fine (and easier) to do it here than
48
# in the build script.
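
Review bot: `FROM alpine:latest` on new line 5 still tracks a mutable tag, so two release builds of the same commit can ship different base layers. Pin a specific Alpine version or digest, and keep it identical to the `alpine:latest` reference that scripts/build_docker.sh pulls to extract /etc/group and /etc/passwd, otherwise the copied account files can come from a different base than the one the image is built on. It would also help if the new header comment mentioned that the account files are generated by that script.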
@@ -11,12 +15,12 @@ LABEL \
1115
org.opencontainers.image.version="$CODER_VERSION" \
1216
org.opencontainers.image.licenses="AGPL-3.0"
1317

18+
# Create coder group and user. We cannot use `addgroup` and `adduser` because
19+
# they won't work if we're building the image for a different architecture.
20+
COPY --chown=root:root --chmod=644 group passwd /etc/
21+
1422
# The coder binary is injected by scripts/build_docker.sh.
15-
ADD coder /opt/coder
23+
COPY --chown=coder:coder --chmod=755 coder /opt/coder
1624

17-
# Create coder group and user.
18-
RUN addgroup -g 1000 coder && \
19-
adduser -D -g"" -h /home/coder -G coder -u 1000 -S -s /bin/sh coder
2025
USER coder:coder
21-
2226
ENTRYPOINT ["/opt/coder","server" ]
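
Review bot: `COPY --chown=coder:coder --chmod=755 coder /opt/coder` leaves the server binary owned and writable by the same account that `USER coder:coder` runs it as, so the running process can overwrite its own executable. `--chown=root:root --chmod=755` keeps it executable for coder while making it read-only to that user. The comment above the `group passwd` COPY could also state that the name-based `--chown` below depends on that instruction staying first, and that `--chmod` on COPY needs BuildKit.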

‎scripts/build_docker.sh

Lines changed: 20 additions & 7 deletions
@@ -95,14 +95,27 @@ ln -P Dockerfile "$temp_dir/"
9595

9696
cd"$temp_dir"
9797

98-
build_args=(
99-
--platform"$arch"
100-
--build-arg"CODER_VERSION=$version"
101-
--tag"$image_tag"
102-
)
103-
10498
log"--- Building Docker image for$arch ($image_tag)"
105-
docker buildx build"${build_args[@]}".1>&2
99+
100+
# Pull the base image, copy the /etc/group and /etc/passwd files out of it, and
101+
# add the coder group and user. We have to do this in a separate step instead of
102+
# using the RUN directive in the Dockerfile because you can't use RUN if you're
103+
# building the image for a different architecture than the host.
104+
docker pull --platform"$arch" alpine:latest1>&2
105+
106+
temp_container_id="$(docker create --platform"$arch" alpine:latest)"
107+
docker cp"$temp_container_id":/etc/group ./group1>&2
108+
docker cp"$temp_container_id":/etc/passwd ./passwd1>&2
109+
docker rm"$temp_container_id"1>&2
110+
111+
echo"coder:x:1000:coder">>./group
112+
echo"coder:x:1000:1000::/:/bin/sh">>./passwd
113+
114+
docker buildx build \
115+
--platform"$arch" \
116+
--build-arg"CODER_VERSION=$version" \
117+
--tag"$image_tag" \
118+
.1>&2
106119

107120
cdroot
108121
rm -rf"$temp_dir"
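
Review bot: The appended passwd entry `coder:x:1000:1000::/:/bin/sh` sets the home directory to `/`, while the removed `adduser` call in the Dockerfile used `-h /home/coder`, and nothing in the new flow creates a home directory the coder user can write to. If that is intentional, say so in the comment block above `docker pull`; otherwise use `/home/coder` in the entry and add the directory to the build context. Separately, if the script aborts on a failed `docker cp`, `docker rm "$temp_container_id"` never runs and the temporary container is left behind; a cleanup trap would cover that.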
