[feat] docker - switching to using ubuntu for base image

Dropping alpine linux, in favor of ubuntu. Tackling security concerns Ticket: https://mattermost.atlassian.net/browse/CLD-7097
mattermost · Feb 19, 2024 · f238795 · f238795
1 parent 4f8640c
commit f238795
Showing 1 changed file with 13 additions and 14 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,39 +1,38 @@
-FROM alpine:3.15 AS TMP
+FROM ubuntu:noble-20240127.1@sha256:36fa0c7153804946e17ee951fdeffa6a1c67e5088438e5b90de077de5c600d4c AS TMP
 
-WORKDIR /mattermost-push-proxy
+# Setting bash as our shell, and enabling pipefail option
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
+# Copying binaries
+WORKDIR /mattermost-push-proxy
 COPY dist/ dist/
 COPY docker/entrypoint .
-
 ARG ARCH
 COPY bin/mattermost-push-proxy-linux-$ARCH bin/mattermost-push-proxy
 
-FROM alpine:3.15
+#Using multi stage build
+FROM ubuntu:noble-20240127.1@sha256:36fa0c7153804946e17ee951fdeffa6a1c67e5088438e5b90de077de5c600d4c
 
-# hadolint ignore=DL3018
-RUN apk add --no-cache \
+# Install needed packages and indirect dependencies
+# hadolint ignore=DL3008
+RUN apt-get update \
+  && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
   ca-certificates \
-  libc6-compat \
   libffi-dev \
-  linux-headers \
   netcat-openbsd \
   tzdata \
-  && rm -rf /tmp/* \
+  && rm -rf /var/lib/apt/lists/* \
   && mkdir -p mattermost-push-proxy/bin \
   && chown -R nobody:nogroup /mattermost-push-proxy
 
+# Coyping needed files from previous stage
 COPY --from=TMP /mattermost-push-proxy/dist /
 COPY --from=TMP /mattermost-push-proxy/bin/ /mattermost-push-proxy/bin/
 COPY --from=TMP /mattermost-push-proxy/entrypoint /usr/local/bin/
 
 USER nobody
-
 WORKDIR /mattermost-push-proxy
-
 ENV PUSH_PROXY=/mattermost-push-proxy/bin/mattermost-push-proxy
-
 EXPOSE 8066
-
 VOLUME ["/mattermost-push-proxy/config", "/mattermost-push-proxy/certs"]
-
 ENTRYPOINT ["/usr/local/bin/entrypoint"]