-
Notifications
You must be signed in to change notification settings - Fork 39
Expand file tree
/
Copy pathDockerfile-rootless
More file actions
34 lines (31 loc) · 1.17 KB
/
Dockerfile-rootless
File metadata and controls
34 lines (31 loc) · 1.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
FROM node:24.13.0-alpine3.23
ARG TARGETPLATFORM
RUN apk --update add --no-cache \
bash \
ca-certificates \
curl \
git \
jq
COPY --from=mikefarah/yq:4.52.4 /usr/bin/yq /usr/local/bin/yq
ADD --chmod=775 https://dl.k8s.io/release/v1.35.1/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
WORKDIR /cf-cli
COPY package.json yarn.lock check-version.js run-check-version.js /cf-cli/
RUN yarn install --prod --frozen-lockfile && \
yarn cache clean
COPY . /cf-cli
RUN yarn generate-completion
#purpose of security
RUN npm -g uninstall npm
RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
RUN codefresh components update --location components
# we keep /root as home directory because cli by default looks for $HOME/.cfconfig
# and we do not want to break user automation if they used to bind their .cfconfig
# to the /root/.cfconfig
RUN adduser -D -h /root -s /bin/sh cfu \
&& chown -R $(id -g cfu) /root /cf-cli \
&& chgrp -R $(id -g cfu) /root /cf-cli \
&& chmod -R g+rwX /root
# Node.js warnings must be suppressed to ensure that automations relying on exact output are not disrupted
ENV NODE_NO_WARNINGS=1
USER cfu
ENTRYPOINT ["codefresh"]