Closed iamasmith closed 6 months ago
Done, I didn't include the comments as these were more for context in the review. Happy to add them back if you think it's needed?
@blake since this is merged, the container does need to be built and published with the changes to add the nobody user, otherwise the suggested deployments will fail.
@iamasmith I just built and pushed an updated image.
23 Tested on its own and integrated with my other PR. Implements a single-line passwd file in the scratch container containing a nobody user and defaults to starting the user as that.
Layering is still 1 layer; we simply construct a /release staging folder in the build container and copy that to root.
I use this same mechanism for my services that need connections to cloud services, as golang doesn't have a trust chain in a scratch container unless there's something well known on the image. I tend to copy /etc/ssl to the /release folder in the build stage to overcome this.
This allows a cleaner Deployment containing..
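
The build pattern described in this PR description, sketched as an added example (not the Dockerfile from the PR). The base image tag, the `/src` path, the `app` binary name and the passwd field values are assumptions; the `/release` staging folder, the nobody user and the `/etc/ssl` copy come from the description.

```dockerfile
# --- build stage (image tag and source layout are assumptions) ---
FROM golang:1.22 AS build
WORKDIR /src
COPY . .

# Static binary so it runs in scratch without libc
RUN CGO_ENABLED=0 go build -o /release/app .

# Stage everything the final image needs under /release:
#  - a single-line passwd file defining the nobody user
#  - the CA bundle so Go's TLS client has a trust chain in scratch
#    (-L dereferences symlinks so no dangling links end up in the image)
RUN mkdir -p /release/etc \
 && echo 'nobody:x:65534:65534:nobody:/:/sbin/nologin' > /release/etc/passwd \
 && cp -rL /etc/ssl /release/etc/ssl

# --- final stage: one COPY, so the image keeps a single layer ---
FROM scratch
COPY --from=build /release /

# Resolved against the passwd file copied above; the container no longer starts as root
USER nobody
ENTRYPOINT ["/app"]
```

If a Deployment sets `runAsNonRoot: true`, Kubernetes cannot verify a named `USER`, so pair it with a numeric `runAsUser` (65534 with the passwd line assumed here).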