Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ adds USER instruction to Dockerfile #3937

Merged
merged 4 commits into from
May 9, 2024
Merged

✨ adds USER instruction to Dockerfile #3937

merged 4 commits into from
May 9, 2024

Conversation

scottford-io
Copy link
Contributor

@scottford-io scottford-io commented May 7, 2024
edited
Loading

This PR adds the USER instruction to the Dockerfile resource in order to write checks against the configured user.

EXAMPLES THAT SHOULD PASS

# syntax=docker/dockerfile:1

FROM ubuntu:22.04
USER pyuser
COPY . /app
RUN make /app
CMD python /app/app.py

# syntax=docker/dockerfile:1

FROM ubuntu:22.04
USER pyuser:pyuser
COPY . /app
RUN make /app
CMD python /app/app.py

# syntax=docker/dockerfile:1

FROM ubuntu:22.04
USER 1001:1001
COPY . /app
RUN make /app
CMD python /app/app.py

EXAMPLES THAT SHOULD FAIL

# syntax=docker/dockerfile:1

FROM ubuntu:22.04
COPY . /app
RUN make /app
CMD python /app/app.py
# syntax=docker/dockerfile:1

FROM ubuntu:22.04
USER root
COPY . /app
RUN make /app
CMD python /app/app.py
# syntax=docker/dockerfile:1

FROM ubuntu:22.04
USER 0
COPY . /app
RUN make /app
CMD python /app/app.py
# syntax=docker/dockerfile:1

FROM ubuntu:22.04
USER 0:0
COPY . /app
RUN make /app
CMD python /app/app.py

@afiune afiune force-pushed the scottford/dockerfile-user branch from 17913f8 to 0dbbb99 Compare May 7, 2024 19:55
@afiune afiune changed the title DRAFT: adds USER declaritive to Dockerfile ✨ adds USER declaritive to Dockerfile May 7, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 7, 2024
edited
Loading

Test Results

2 987 tests  +3   2 986 ✅ +3   1m 35s ⏱️ +5s
  329 suites ±0       1 💤 ±0 
   23 files   ±0       0 ❌ ±0 

Results for commit f6dcab9. ± Comparison against base commit 8e61400.

This pull request removes 3 and adds 6 tests. Note that renamed tests count towards both. 
go.mondoo.com/cnquery/v11/llx ‑ TestSuccess/2024-05-06_08:31:33.686377325_+0000_UTC_m=+0.008477650
go.mondoo.com/cnquery/v11/llx ‑ TestTruthy/2024-05-06_08:31:33.686377325_+0000_UTC_m=+0.008477650
go.mondoo.com/cnquery/v11/llx ‑ TestTruthy/2024-05-06_08:31:33.686377325_+0000_UTC_m=+0.008477650#01

go.mondoo.com/cnquery/v11/llx ‑ TestSuccess/2024-05-06_08:24:27.283643743_+0000_UTC_m=+0.009431476
go.mondoo.com/cnquery/v11/llx ‑ TestTruthy/2024-05-06_08:24:27.283643743_+0000_UTC_m=+0.009431476
go.mondoo.com/cnquery/v11/llx ‑ TestTruthy/2024-05-06_08:24:27.283643743_+0000_UTC_m=+0.009431476#01
go.mondoo.com/cnquery/v11/providers/os/resources ‑ TestParseDockerfile/minimal_instructions_with_CMD
go.mondoo.com/cnquery/v11/providers/os/resources ‑ TestParseDockerfile/with_all_instructions
go.mondoo.com/cnquery/v11/providers/os/resources ‑ TestParseDockerfile/without_CMD_but_with_ENTRYPOINT

♻️ This comment has been updated with latest results.

@scottford-io @afiune
✨ adds USER declaritive to Dockerfile
c4d217a 
Signed-off-by: Scott Ford <[email protected]>
Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune afiune force-pushed the scottford/dockerfile-user branch from 0dbbb99 to c4d217a Compare May 7, 2024 20:28
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 7, 2024
edited
Loading

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@afiune
Copy link
Contributor

afiune commented May 7, 2024

I have read the Mondoo CLA Document and I hereby sign the CLA

@afiune
💡 updates from code review
7f8a5ff 
Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune afiune requested a review from tas50 May 8, 2024 07:21
@scottford-io scottford-io changed the title ✨ adds USER declaritive to Dockerfile ✨ adds USER instruction to Dockerfile May 9, 2024
@tas50 tas50 merged commit 787ec84 into main May 9, 2024
8 checks passed
@tas50 tas50 deleted the scottford/dockerfile-user branch May 9, 2024 20:16
@github-actions github-actions bot locked and limited conversation to collaborators May 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@afiune afiune afiune left review comments

@chris-rock chris-rock chris-rock left review comments

@tas50 tas50 tas50 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@scottford-io @afiune @tas50 @chris-rock