2 changes: 1 addition & 1 deletion .tekton/compliance-operator-dev-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/cancel-in-progress: "true"
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "master" && ( ".tekton/compliance-operator-dev-*.yaml".pathChanged() || "images/operator/***".pathChanged() || "images/redhat.repo".pathChanged() || "main.go".pathChanged() || "tools.go".pathChanged() || "pkg/**/*.go".pathChanged() || "cmd/**/*.go".pathChanged() || "version/***".pathChanged() || "config/***".pathChanged() || "*Makefile*".pathChanged() || "vendor/***".pathChanged() || "tests/***".pathChanged() || "LICENSE".pathChanged() )
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "master" && ( ".tekton/compliance-operator-dev-*.yaml".pathChanged() || "images/operator/***".pathChanged() || "images/redhat.repo".pathChanged() || "main.go".pathChanged() || "tools.go".pathChanged() || "images/operator/Dockerfile".pathChanged() || "build/bin/*".pathChanged() || "pkg/**/*.go".pathChanged() || "cmd/**/*.go".pathChanged() || "version/***".pathChanged() || "config/***".pathChanged() || "*Makefile*".pathChanged() || "vendor/***".pathChanged() || "tests/***".pathChanged() || "LICENSE".pathChanged() )
creationTimestamp:
labels:
appstudio.openshift.io/application: compliance-operator-dev
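Review bot: The added `"images/operator/Dockerfile".pathChanged()` term looks redundant, because the same expression already contains `"images/operator/***".pathChanged()`, which appears to cover every file under that directory; only `"build/bin/*".pathChanged()` actually widens the trigger. The same applies to the expression in `.tekton/compliance-operator-dev-push.yaml`. If the explicit entry is kept for readability, a comment above the annotation such as `# build/bin/* is listed because images/operator/Dockerfile copies build/bin/entrypoint into the image` would stop a later cleanup from dropping the term that makes entrypoint changes rebuild and re-scan the image.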
2 changes: 1 addition & 1 deletion .tekton/compliance-operator-dev-push.yaml
@@ -8,7 +8,7 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/cancel-in-progress: "false"
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "master" && ( ".tekton/compliance-operator-dev-*.yaml".pathChanged() || "images/operator/***".pathChanged() || "images/redhat.repo".pathChanged() || "main.go".pathChanged() || "tools.go".pathChanged() || "pkg/**/*.go".pathChanged() || "cmd/**/*.go".pathChanged() || "version/***".pathChanged() || "config/***".pathChanged() || "*Makefile*".pathChanged() || "vendor/***".pathChanged() || "tests/***".pathChanged() || "LICENSE".pathChanged() )
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "master" && ( ".tekton/compliance-operator-dev-*.yaml".pathChanged() || "images/operator/***".pathChanged() || "images/redhat.repo".pathChanged() || "main.go".pathChanged() || "tools.go".pathChanged() || "images/operator/Dockerfile".pathChanged() || "build/bin/*".pathChanged() || "pkg/**/*.go".pathChanged() || "cmd/**/*.go".pathChanged() || "version/***".pathChanged() || "config/***".pathChanged() || "*Makefile*".pathChanged() || "vendor/***".pathChanged() || "tests/***".pathChanged() || "LICENSE".pathChanged() )
creationTimestamp:
labels:
appstudio.openshift.io/application: compliance-operator-dev
9 changes: 3 additions & 6 deletions Dockerfile.ci
@@ -12,16 +12,13 @@ RUN make manager
# Step two: containerize compliance-operator
FROM registry.access.redhat.com/ubi9/ubi-micro:latest

ENV OPERATOR=/usr/local/bin/compliance-operator \
USER_UID=1001 \
USER_NAME=compliance-operator
ENV OPERATOR=/usr/local/bin/compliance-operator

# install operator binary
COPY --from=builder /go/src/github.com/openshift/compliance-operator/build/_output/bin/compliance-operator ${OPERATOR}

COPY build/bin /usr/local/bin
RUN /usr/local/bin/user_setup
COPY build/bin/entrypoint /usr/local/bin/entrypoint

ENTRYPOINT ["/usr/local/bin/entrypoint"]

USER ${USER_UID}
USER 1001
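Review bot: The bare `USER 1001` that closes the final stage has lost the only hint of what that UID is, now that `USER_UID` and `USER_NAME` are no longer part of the `ENV` line; a comment such as `# Non-root default UID; no passwd entry is created for it, and OpenShift may substitute an arbitrary UID in group 0` would keep the intent visible. With `RUN /usr/local/bin/user_setup` gone, the stage no longer prepares any directory or permission for that user (the body of user_setup is not shown on this page), so it is worth confirming that the operator needs no writable `${HOME}` or other image path at runtime. The same comment and check apply to the identical hunk in `build/Dockerfile`. The stage begins above the hunk, so only its tail is reviewed here.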
9 changes: 3 additions & 6 deletions build/Dockerfile
@@ -11,16 +11,13 @@ RUN make manager
# Step two: containerize compliance-operator
FROM registry.access.redhat.com/ubi9/ubi-micro:latest

ENV OPERATOR=/usr/local/bin/compliance-operator \
USER_UID=1001 \
USER_NAME=compliance-operator
ENV OPERATOR=/usr/local/bin/compliance-operator

# install operator binary
COPY --from=builder /go/src/github.com/openshift/compliance-operator/build/_output/bin/compliance-operator ${OPERATOR}

COPY build/bin /usr/local/bin
RUN /usr/local/bin/user_setup
COPY build/bin/entrypoint /usr/local/bin/entrypoint

ENTRYPOINT ["/usr/local/bin/entrypoint"]

USER ${USER_UID}
USER 1001
11 changes: 5 additions & 6 deletions build/bin/entrypoint
@@ -1,12 +1,11 @@
#!/bin/sh -e

# This is documented here:
# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
# https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/images/creating-images#use-uid_create-images

if ! whoami &>/dev/null; then
if [ -w /etc/passwd ]; then
echo "${USER_NAME:-compliance-operator}:x:$(id -u):$(id -g):${USER_NAME:-compliance-operator} user:${HOME}:/sbin/nologin" >> /etc/passwd
fi
fi
# Since version 4.1 OCP supports arbitrary UIDs without requiring /etc/passwd entries
# https://docs.redhat.com/en/documentation/openshift_container_platform/4.1/html/images/creating_images
# The container runs with the UID assigned by the platform, with group 0 (root) membership
# File permissions are managed through group ownership, not username lookups

exec ${OPERATOR} $@
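Review bot: The final line `exec ${OPERATOR} $@` expands both the binary path and the argument list unquoted, so an argument containing whitespace or glob characters is split or expanded again by the shell before it reaches the operator. Since this line is now the entire script, `exec "${OPERATOR}" "$@"` is the safer form and passes the container arguments through unchanged. The comment block also keeps the old lead-in `# This is documented here:` directly above a new URL and then cites a second, version 4.1 URL; merging them into one short comment with a single reference would read more clearly.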
13 changes: 0 additions & 13 deletions build/bin/user_setup

This file was deleted.

11 changes: 3 additions & 8 deletions images/operator/Dockerfile
@@ -31,19 +31,14 @@ LABEL \

WORKDIR /

# Needed by the user_setup and entrypoint scripts
ENV OPERATOR_BIN=/usr/local/bin/compliance-operator \
USER_NAME=compliance-operator \
USER_UID=1001
ENV OPERATOR_BIN=/usr/local/bin/compliance-operator

COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/LICENSE /licenses/LICENSE
COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/build/_output/bin/compliance-operator ${OPERATOR_BIN}
COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/build/bin/* /usr/local/bin
COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/build/bin/entrypoint /usr/local/bin/entrypoint
# This is required for the bundle build.
COPY --from=builder /go/src/github.com/ComplianceAsCode/compliance-operator/bundle /bundle

RUN /usr/local/bin/user_setup

ENTRYPOINT ["/usr/local/bin/entrypoint"]

USER ${USER_UID}
USER 1001
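Review bot: This stage sets `OPERATOR_BIN`, while the entrypoint it copies ends with `exec ${OPERATOR} $@`, so unless `OPERATOR` is defined above the hunk the variable is empty in this image and the script execs whatever arguments the container was started with. The mismatch looks older than this change, but with the script reduced to that one line it decides what runs as PID 1, so the names should be aligned, for example `ENV OPERATOR=/usr/local/bin/compliance-operator` here. Before changing it, check how the Deployment's `command` and `args` are written, since they may currently supply the binary name themselves. The stage starts above the hunk, so any earlier `ENV` is not visible in this review.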