File tree Expand file tree Collapse file tree 7 files changed +16
-41
lines changed
Expand file tree Collapse file tree 7 files changed +16
-41
lines changed Original file line number Diff line number Diff line change @@ -8,7 +8,7 @@ metadata:
88 build.appstudio.redhat.com/target_branch : ' {{target_branch}}'
99 pipelinesascode.tekton.dev/cancel-in-progress : " true"
1010 pipelinesascode.tekton.dev/max-keep-runs : " 3"
11- pipelinesascode.tekton.dev/on-cel-expression : event == "pull_request" && target_branch == "release-1.8" && ( ".tekton/compliance-operator-release-1-8-*.yaml".pathChanged() || "images/operator/***".pathChanged() || "main.go".pathChanged() || "tools.go".pathChanged() || "pkg/**/*.go".pathChanged() || "cmd/**/*.go".pathChanged() || "version/***".pathChanged() || "config/***".pathChanged() || "*Makefile*".pathChanged() || "vendor/***".pathChanged() || "tests/***".pathChanged() || "LICENSE".pathChanged() )
11+ pipelinesascode.tekton.dev/on-cel-expression : event == "pull_request" && target_branch == "release-1.8" && ( ".tekton/compliance-operator-release-1-8-*.yaml".pathChanged() || "images/operator/***".pathChanged() || "main.go".pathChanged() || "tools.go".pathChanged() || "images/operator/Dockerfile".pathChanged() || "build/bin/*".pathChanged() || " pkg/**/*.go".pathChanged() || "cmd/**/*.go".pathChanged() || "version/***".pathChanged() || "config/***".pathChanged() || "*Makefile*".pathChanged() || "vendor/***".pathChanged() || "tests/***".pathChanged() || "LICENSE".pathChanged() )
1212 creationTimestamp :
1313 labels :
1414 appstudio.openshift.io/application : compliance-operator-release-1-8
Original file line number Diff line number Diff line change @@ -8,7 +8,7 @@ metadata:
88 build.appstudio.redhat.com/target_branch : ' {{target_branch}}'
99 pipelinesascode.tekton.dev/cancel-in-progress : " false"
1010 pipelinesascode.tekton.dev/max-keep-runs : " 3"
11- pipelinesascode.tekton.dev/on-cel-expression : event == "push" && target_branch == "release-1.8" && ( ".tekton/compliance-operator-release-1-8-*.yaml".pathChanged() || "images/operator/***".pathChanged() || "main.go".pathChanged() || "tools.go".pathChanged() || "pkg/**/*.go".pathChanged() || "cmd/**/*.go".pathChanged() || "version/***".pathChanged() || "config/***".pathChanged() || "*Makefile*".pathChanged() || "vendor/***".pathChanged() || "tests/***".pathChanged() || "LICENSE".pathChanged() )
11+ pipelinesascode.tekton.dev/on-cel-expression : event == "push" && target_branch == "release-1.8" && ( ".tekton/compliance-operator-release-1-8-*.yaml".pathChanged() || "images/operator/***".pathChanged() || "main.go".pathChanged() || "tools.go".pathChanged() || "images/operator/Dockerfile".pathChanged() || "build/bin/*".pathChanged() || " pkg/**/*.go".pathChanged() || "cmd/**/*.go".pathChanged() || "version/***".pathChanged() || "config/***".pathChanged() || "*Makefile*".pathChanged() || "vendor/***".pathChanged() || "tests/***".pathChanged() || "LICENSE".pathChanged() )
1212 creationTimestamp :
1313 labels :
1414 appstudio.openshift.io/application : compliance-operator-release-1-8
Original file line number Diff line number Diff line change @@ -12,16 +12,13 @@ RUN make manager
1212# Step two: containerize compliance-operator
1313FROM registry.access.redhat.com/ubi9/ubi-micro:latest
1414
15- ENV OPERATOR=/usr/local/bin/compliance-operator \
16- USER_UID=1001 \
17- USER_NAME=compliance-operator
15+ ENV OPERATOR=/usr/local/bin/compliance-operator
1816
1917# install operator binary
2018COPY --from=builder /go/src/github.com/openshift/compliance-operator/build/_output/bin/compliance-operator ${OPERATOR}
2119
22- COPY build/bin /usr/local/bin
23- RUN /usr/local/bin/user_setup
20+ COPY build/bin/entrypoint /usr/local/bin/entrypoint
2421
2522ENTRYPOINT ["/usr/local/bin/entrypoint"]
2623
27- USER ${USER_UID}
24+ USER 1001
Original file line number Diff line number Diff line change @@ -11,16 +11,13 @@ RUN make manager
1111# Step two: containerize compliance-operator
1212FROM registry.access.redhat.com/ubi9/ubi-micro:latest
1313
14- ENV OPERATOR=/usr/local/bin/compliance-operator \
15- USER_UID=1001 \
16- USER_NAME=compliance-operator
14+ ENV OPERATOR=/usr/local/bin/compliance-operator
1715
1816# install operator binary
1917COPY --from=builder /go/src/github.com/openshift/compliance-operator/build/_output/bin/compliance-operator ${OPERATOR}
2018
21- COPY build/bin /usr/local/bin
22- RUN /usr/local/bin/user_setup
19+ COPY build/bin/entrypoint /usr/local/bin/entrypoint
2320
2421ENTRYPOINT ["/usr/local/bin/entrypoint" ]
2522
26- USER ${USER_UID}
23+ USER 1001
Original file line number Diff line number Diff line change 11#! /bin/sh -e
22
33# This is documented here:
4- # https://docs.openshift .com/container-platform/3.11/creating_images/guidelines. html#openshift-specific-guidelines
4+ # https://docs.redhat .com/en/documentation/openshift_container_platform/latest/ html/images/creating-images#use-uid_create-images
55
6- if ! whoami & > /dev/null; then
7- if [ -w /etc/passwd ]; then
8- echo " ${USER_NAME:- compliance-operator} :x:$( id -u) $( id -g) ${USER_NAME:- compliance-operator} user:${HOME} :/sbin/nologin" >> /etc/passwd
9- fi
10- fi
6+ # Since version 4.1 OCP supports arbitrary UIDs without requiring /etc/passwd entries
7+ # https://docs.redhat.com/en/documentation/openshift_container_platform/4.1/html/images/creating_images
8+ # The container runs with the UID assigned by the platform, with group 0 (root) membership
9+ # File permissions are managed through group ownership, not username lookups
1110
1211exec ${OPERATOR} $@
Load Diff This file was deleted.
Original file line number Diff line number Diff line change @@ -31,19 +31,14 @@ LABEL \
3131
3232WORKDIR /
3333
34- # Needed by the user_setup and entrypoint scripts
35- ENV OPERATOR_BIN=/usr/local/bin/compliance-operator \
36- USER_NAME=compliance-operator \
37- USER_UID=1001
34+ ENV OPERATOR_BIN=/usr/local/bin/compliance-operator
3835
3936COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/LICENSE /licenses/LICENSE
4037COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/build/_output/bin/compliance-operator ${OPERATOR_BIN}
41- COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/build/bin/* /usr/local/bin
38+ COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/build/bin/entrypoint /usr/local/bin/entrypoint
4239# This is required for the bundle build.
4340COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/bundle /bundle
4441
45- RUN /usr/local/bin/user_setup
46-
4742ENTRYPOINT ["/usr/local/bin/entrypoint" ]
4843
49- USER ${USER_UID}
44+ USER 1001
You can’t perform that action at this time.
0 commit comments