Dockerfile changed using multistage

for applcmbroker and helmplugin

Signed-off-by: Srinivasan Selvam <srinivasan.s.n@huawei.com>
Change-Id: I4a5664b8807a57a5ea08698e1b7a33c61a7f1dbf

diff --git a/mecm/mepm/applcm/broker/build/Dockerfile b/mecm/mepm/applcm/broker/build/Dockerfile
index 8a7e2ae..7991e57 100644 (file)
--- a/mecm/mepm/applcm/broker/build/Dockerfile
+++ b/mecm/mepm/applcm/broker/build/Dockerfile
@@ -12,31 +12,60 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.13.4-alpine3.10
+FROM golang:1.13.4-alpine3.10 as builder
 
 ENV GOPROXY https://goproxy.io
 ENV GO111MODULE on
+ENV HOME=/go/release
 
 RUN apk update && apk upgrade && \
     apk add --no-cache bash git openssh
 
+RUN mkdir -p $HOME
+
 WORKDIR /go/cache
 
 ADD go.mod .
 ADD go.sum .
 RUN go mod download
 
-WORKDIR /go/release
+WORKDIR $HOME
 RUN mkdir -p /go/release/application/packages
 
 ADD . .
 
 RUN GOOS=linux CGO_ENABLED=0 go build -ldflags="-s -w" -installsuffix cgo -o app cmd/broker/main.go
 
-RUN cp app start.sh /
+FROM golang:1.13.4-alpine3.10
+
+RUN mkdir -p /go/release
 
-EXPOSE 8081
+ENV HOME=/go/release
+ENV APP_HOME=/go/release
+ENV UID=166
+ENV GID=166
+ENV USER_NAME=ealtuser
+ENV GROUP_NAME=ealtgroup
+
+RUN apk update &&\
+    apk add shadow &&\
+    groupadd -r -g $GID $GROUP_NAME &&\
+    useradd -r -u $UID -g $GID -d $HOME -s /sbin/nologin -c "Docker image user" $USER_NAME &&\
+    chown -R $USER_NAME:$GROUP_NAME $HOME
 
-CMD ["/start.sh"]
+WORKDIR $APP_HOME
 
+USER $USER_NAME
+
+COPY --chown=ealtuser:ealtgroup --from=builder $HOME/app $APP_HOME
+COPY --chown=ealtuser:ealtgroup --from=builder $HOME/start.sh $APP_HOME
+
+RUN mkdir -p /go/release/application/packages
+
+RUN chmod 750 $HOME &&\
+    chmod 550 $HOME/app &&\
+    chmod 550 $HOME/start.sh
+
+EXPOSE 8081
 
+ENTRYPOINT ["./app"]

diff --git a/mecm/mepm/applcm/k8shelm/build/Dockerfile b/mecm/mepm/applcm/k8shelm/build/Dockerfile
index 0faf012..a0d8a8f 100644 (file)
--- a/mecm/mepm/applcm/k8shelm/build/Dockerfile
+++ b/mecm/mepm/applcm/k8shelm/build/Dockerfile
@@ -12,10 +12,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.13.4-alpine3.10
+FROM golang:1.13.4-alpine3.10 as builder
 
 ENV GOPROXY https://goproxy.io
 ENV GO111MODULE on
+ENV HOME=/go/release
+
+RUN mkdir -p $HOME
 
 WORKDIR /go/cache
 
@@ -23,7 +26,7 @@ ADD go.mod .
 ADD go.sum .
 RUN go mod download
 
-WORKDIR /go/release
+WORKDIR $HOME
 
 RUN mkdir charts
 RUN mkdir kubeconfig
@@ -32,9 +35,37 @@ ADD . .
 
 RUN GOOS=linux CGO_ENABLED=0 go build -ldflags="-s -w" -installsuffix cgo -o app cmd/helm/main.go
 
-RUN cp app start.sh /
+FROM golang:1.13.4-alpine3.10
 
-EXPOSE 50051
+RUN mkdir -p /go/release
+
+ENV HOME=/go/release
+ENV APP_HOME=/go/release
+ENV UID=166
+ENV GID=166
+ENV USER_NAME=ealtuser
+ENV GROUP_NAME=ealtgroup
+
+RUN apk update &&\
+    apk add shadow &&\
+    groupadd -r -g $GID $GROUP_NAME &&\
+    useradd -r -u $UID -g $GID -d $HOME -s /sbin/nologin -c "Docker image user" $USER_NAME &&\
+    chown -R $USER_NAME:$GROUP_NAME $HOME
+
+WORKDIR $APP_HOME
 
-CMD ["/start.sh"]
+USER $USER_NAME
+
+COPY --chown=ealtuser:ealtgroup --from=builder $HOME/app $APP_HOME
+COPY --chown=ealtuser:ealtgroup --from=builder $HOME/start.sh $APP_HOME
+
+RUN mkdir charts
+RUN mkdir kubeconfig
+
+RUN chmod 750 $HOME &&\
+    chmod 550 $HOME/app &&\
+    chmod 550 $HOME/start.sh
+
+EXPOSE 50051
 
+ENTRYPOINT ["./app"]