Fix security issue in Dockerfile found by SQ (#63)

Signed-off-by: Mu Chen <[email protected]>

Author: Charles1000Chen

.jenkinsfile.blaze-semantic.groovy

@@ -16,7 +16,7 @@ def buildInfo = bzSemantic(
     native: [
         kind: "go",
         build: [
-            platforms: ["linux/arm64", "linux/s390x"]
+            platforms: ["linux/amd64", "linux/s390x"]
         ]
     ]
 )

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:22.04 AS pem
+FROM ubuntu:jammy AS pem
 RUN apt update && apt install curl -y
 WORKDIR /root/
 # The links of the IBM root CA and intermediate certs are from https://daymvs1.pok.ibm.com/ibmca/certificates.do;
@@ -9,13 +9,22 @@ RUN curl https://daymvs1.pok.ibm.com/ibmca/downloadCarootCert.do?file=carootcert
     openssl x509 -inform der -in caintermediatecert.der -out 02-caintermediatecert.pem
 
 
-FROM busybox:latest
-COPY spectrum-virtualize-exporter /bin/spectrum-virtualize-exporter
-COPY spectrumVirtualize.yml /etc/spectrumVirtualize/spectrumVirtualize.yml
+FROM ubuntu:jammy
+
+ARG APP_USER=spectrum
+
+# Use "make binary" to build the binary spectrum-virtualize-exporter
+COPY spectrum-virtualize-exporter /opt/spectrumVirtualize/spectrum-virtualize-exporter
+COPY spectrumVirtualize.yml /opt/spectrumVirtualize/spectrumVirtualize.yml
 COPY --from=pem /root/*.pem /usr/local/share/ca-certificates/
 # https://github.com/golang/go/blob/master/src/crypto/x509/root_linux.go
-RUN mkdir -p /etc/ssl/certs && \
-    cat /usr/local/share/ca-certificates/*.pem >> /etc/ssl/certs/ca-certificates.crt
+RUN mkdir -p /etc/ssl/certs \
+    && cat /usr/local/share/ca-certificates/*.pem >> /etc/ssl/certs/ca-certificates.crt \
+    && groupadd -g 1000 -r $APP_USER \
+    && useradd -u 1000 -r -g $APP_USER -d /home/$APP_USER -m -s /bin/bash $APP_USER \
+    && chown -R 1000:1000 /opt/spectrumVirtualize
+
+USER $APP_USER
 EXPOSE 9119
-ENTRYPOINT ["/bin/spectrum-virtualize-exporter"]
+ENTRYPOINT ["/opt/spectrumVirtualize/spectrum-virtualize-exporter"]
 CMD ["--config.file=/etc/spectrumVirtualize/spectrumVirtualize.yml"]