From aff2b8aeead73f8a034ac45bccdbc1eabd5cee40 Mon Sep 17 00:00:00 2001
From: mitjaziv <mitjaz@gmail.com>
Date: Wed, 15 Nov 2023 18:02:08 +0100
Subject: [PATCH] TT-10430: migrate to gcr.io/distroless image

---
 Dockerfile | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index afd517dd..c3edc2d6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,28 +14,24 @@ ENV CGO_ENABLED=0
 
 WORKDIR /go/src/github.com/TykTechnologies/mserv
 
-# Add the sources
 COPY . .
 
-# Compile!
 RUN go build -ldflags="-buildid= -w" -trimpath -v -o /bin/mserv
+RUN mkdir -p /opt/mserv/downloads /opt/mserv/plugins
 
-FROM debian:buster-slim AS runner
-
-# Set some shell options for using pipes and such
-SHELL [ "/bin/bash", "-euo", "pipefail", "-c" ]
+FROM gcr.io/distroless/base:nonroot AS runner
+USER 65532
 
-ENV TYKVERSION 0.1
 ENV TYK_MSERV_CONFIG /etc/mserv/mserv.json
 
 LABEL Description="Tyk MServ service docker image" Vendor="Tyk" Version=$TYKVERSION
 
-RUN mkdir -p /opt/mserv/downloads /opt/mserv/plugins
-
 WORKDIR /opt/mserv
 
-# Bring common CA certificates and binary over
+# Bring common CA certificates and binary over.
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=builder /bin/mserv /opt/mserv/mserv
+COPY --from=builder /opt/mserv/downloads /opt/mserv/downloads
+COPY --from=builder /opt/mserv/plugins /opt/mserv/plugins
 
 ENTRYPOINT [ "/opt/mserv/mserv" ]