From f23879591e8f9e4896c8b4c458f86eead42dfe00 Mon Sep 17 00:00:00 2001
From: Akis Maziotis
Date: Mon, 19 Feb 2024 13:05:47 +0200
Subject: [PATCH] [feat] docker - switching to using ubuntu for base image Dropping alpine linux, in favor of ubuntu. Tackling security concerns Ticket: https://mattermost.atlassian.net/browse/CLD-7097
---
 docker/Dockerfile | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 73d8060..b5cff20 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,39 +1,38 @@
-FROM alpine:3.15 AS TMP
+FROM ubuntu:noble-20240127.1@sha256:36fa0c7153804946e17ee951fdeffa6a1c67e5088438e5b90de077de5c600d4c AS TMP
-WORKDIR /mattermost-push-proxy
+# Setting bash as our shell, and enabling pipefail option
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# Copying binaries
+WORKDIR /mattermost-push-proxy
 COPY dist/ dist/
 COPY docker/entrypoint .
-
 ARG ARCH
 COPY bin/mattermost-push-proxy-linux-$ARCH bin/mattermost-push-proxy
-FROM alpine:3.15
+#Using multi stage build
+FROM ubuntu:noble-20240127.1@sha256:36fa0c7153804946e17ee951fdeffa6a1c67e5088438e5b90de077de5c600d4c
-# hadolint ignore=DL3018
-RUN apk add --no-cache \
+# Install needed packages and indirect dependencies
+# hadolint ignore=DL3008
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
 ca-certificates \
- libc6-compat \
 libffi-dev \
- linux-headers \
 netcat-openbsd \
 tzdata \
- && rm -rf /tmp/* \
+ && rm -rf /var/lib/apt/lists/* \
 && mkdir -p mattermost-push-proxy/bin \
 && chown -R nobody:nogroup /mattermost-push-proxy
+# Coyping needed files from previous stage
 COPY --from=TMP /mattermost-push-proxy/dist /
 COPY --from=TMP /mattermost-push-proxy/bin/ /mattermost-push-proxy/bin/
 COPY --from=TMP /mattermost-push-proxy/entrypoint /usr/local/bin/
 USER nobody
-
 WORKDIR /mattermost-push-proxy
-
 ENV PUSH_PROXY=/mattermost-push-proxy/bin/mattermost-push-proxy
-
 EXPOSE 8066
-
 VOLUME ["/mattermost-push-proxy/config", "/mattermost-push-proxy/certs"]
-
 ENTRYPOINT ["/usr/local/bin/entrypoint"]
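Review bot: The added `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` sits in the `TMP` stage, which contains only `WORKDIR`, `COPY` and `ARG`, so it never takes effect; the second `FROM` starts a fresh stage and its `RUN apt-get update \` chain still runs under the default `/bin/sh -c`. Move the `SHELL` line below the second `FROM`, or drop it since that `RUN` has no pipe, so the comment matches what the build actually does. Separately, the runtime stage still installs `libffi-dev` and `netcat-openbsd`; given the commit's stated security motivation it is worth confirming both are needed at runtime (the entrypoint script is not visible here) and recording why in a comment above the package list. With `# hadolint ignore=DL3008` the apt packages stay unpinned, so the digest pin on the base image fixes the base layers but not the versions `apt-get install` pulls at build time.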