-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
It's basically just the harness base + the aws cli in a full ubuntu container to ensure awscli doesn't bork. Will serve as good working documentation of how to build your own custom stack
- Loading branch information
1 parent
f092adf
commit ad628a6
Showing
2 changed files
with
82 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
ARG HARNESS_BASE_IMAGE_TAG=latest | ||
Check notice Code scanning / Trivy No HEALTHCHECK defined Low
Artifact: dockerfiles/harness/custom.Dockerfile
Type: dockerfile Vulnerability DS026 Severity: LOW Message: Add HEALTHCHECK instruction in your Dockerfile Link: DS026 |
||
ARG HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base | ||
ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG | ||
|
||
FROM $HARNESS_BASE_IMAGE as harness | ||
Check warning Code scanning / Trivy ':latest' tag used Medium
Artifact: dockerfiles/harness/custom.Dockerfile
Type: dockerfile Vulnerability DS001 Severity: MEDIUM Message: Specify a tag in the 'FROM' statement for image 'ghcr.io/pluralsh/stackrun-harness-base' Link: DS001 Check warning Code scanning / Trivy ':latest' tag used Medium
Artifact: dockerfiles/harness/custom.Dockerfile
Type: dockerfile Vulnerability DS001 Severity: MEDIUM Message: Specify a tag in the 'FROM' statement for image 'latest' Link: DS001 |
||
|
||
FROM debian:12-slim | ||
|
||
COPY --from=harness /harness /usr/local/bin/harness | ||
|
||
# Change ownership of the harness binary to UID/GID 65532 | ||
RUN chown -R 65532:65532 /usr/local/bin/harness | ||
RUN apt-get -y update && apt-get -y install curl unzip | ||
Check failure Code scanning / Trivy 'apt-get' missing '--no-install-recommends' High
Artifact: dockerfiles/harness/custom.Dockerfile
Type: dockerfile Vulnerability DS029 Severity: HIGH Message: '--no-install-recommends' flag is missed: 'apt-get -y update && apt-get -y install curl unzip' Link: DS029 |
||
|
||
# Install build dependencies, Ansible, and openssh-client | ||
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \ | ||
unzip awscliv2.zip && \ | ||
./aws/install | ||
|
||
RUN addgroup --gid 65532 nonroot | ||
|
||
# Switch to the non-root user | ||
USER 65532:65532 | ||
|
||
WORKDIR /plural | ||
|
||
ENTRYPOINT ["/harness", "--working-dir=/plural"] |