Open ds-psosnowski opened 8 months ago
Hi @ds-psosnowski
i guess you mean this workflow https://github.com/catenax-ng/tx-item-relationship-service/actions/workflows/quality-checks.yaml
- Testing Quality Guideline: TRG 4.03 - Non-root container Start finding Dockerfiles at ./ Found Dockerfiles: Dockerfile Failed! Guideline description: Container images shall not run as root for security reasons. Invalid user specified in Dockerfile: Dockerfile More infos: https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-03
will check with our team.
Hey, yes exactly this. Thanks for information.
Hi @ds-psosnowski this is currently a problem we get aware also from https://github.com/catenax-ng/tx-traceability-foss/blob/main/Dockerfile
that was referenced in in #341 and we opened a issue against helm https://github.com/helm/helm/issues/12385 itself.
but thinking also about rewriting our checks for that.
@FaGru3n Allright, so we're waiting for fix. It is not blocking us but quality check is failing. Thanks for sharing and have a nice day.
@ds-psosnowski , @FaGru3n I think there is a little disconnect here, the issue reported isn't related to the helm one (https://github.com/helm/helm/issues/12385) but to our implementation of the non root user check which is unable to resolve the variable references ${UID}:${GID} in USER, see the comment from @SebastianBezold https://github.com/eclipse-tractusx/sig-infra/issues/341#issuecomment-1801647691 .
moved to our backlog, to plan it properly
Is your support request related to a problem? Please describe.
One of our quality check is failing -
Failed! Guideline description: Container images shall not run as root for security reasons.
We are not sure if this is not caused by defining user from env variables:USER ${UID}:${GID}
Or maybe because we didn't specify user for build image.Describe the solution you'd like
If this is caused by using env variables then check shouldn't fail.
Additional context
Dockerfile for verification: https://github.com/catenax-ng/tx-item-relationship-service/blob/main/Dockerfile