diff --git a/eng/dockerfile-templates/aspnet/Dockerfile.envs b/eng/dockerfile-templates/aspnet/Dockerfile.envs index ff60cb716..e7cbf9c11 100644 --- a/eng/dockerfile-templates/aspnet/Dockerfile.envs +++ b/eng/dockerfile-templates/aspnet/Dockerfile.envs @@ -1,6 +1,15 @@ {{ + _ ARGS: + is-composite-runtime (optional): Whether to include the runtime version ^ + set dotnetVersion to join(slice(split(PRODUCT_VERSION, "."), 0, 2), ".") ^ set isWindows to find(OS_VERSION, "nanoserver") >= 0 || find(OS_VERSION, "windowsservercore") >= 0 ^ - set lineContinuation to when(isWindows, "`", "\") -}}# ASP.NET Core version -ENV ASPNET_VERSION={{VARIABLES[cat("aspnet|", dotnetVersion, "|build-version")]}} + set lineContinuation to when(isWindows, "`", "\") ^ + set aspnetComment to "# ASP.NET Core version" +}}{{if ARGS["is-composite-runtime"]:ENV {{lineContinuation}} + # .NET Runtime version + DOTNET_VERSION={{VARIABLES[cat("runtime|", dotnetVersion, "|build-version")]}} {{lineContinuation}} + {{aspnetComment}} + ASPNET_VERSION={{VARIABLES[cat("aspnet|", dotnetVersion, "|build-version")]}} +^else:{{aspnetComment}} +ENV ASPNET_VERSION={{VARIABLES[cat("aspnet|", dotnetVersion, "|build-version")]}}}} diff --git a/eng/dockerfile-templates/aspnet/Dockerfile.linux-composite b/eng/dockerfile-templates/aspnet/Dockerfile.linux-composite index 34a96f9a8..19c2a36a8 100644 --- a/eng/dockerfile-templates/aspnet/Dockerfile.linux-composite +++ b/eng/dockerfile-templates/aspnet/Dockerfile.linux-composite @@ -26,8 +26,7 @@ {{ if isAlpine: {{InsertTemplate("../Dockerfile.alpine.invariant-mode")}} }} -{{InsertTemplate("../runtime/Dockerfile.envs")}} -{{InsertTemplate("Dockerfile.envs")}} +{{InsertTemplate("Dockerfile.envs", [ "is-composite-runtime": "true" ])}} # Install ASP.NET Composite Runtime {{InsertTemplate("../runtime/Dockerfile.linux.install-runtime", 
diff --git a/eng/dockerfile-templates/runtime-deps/Dockerfile b/eng/dockerfile-templates/runtime-deps/Dockerfile index cf257e344..650e2f2bf 100644 --- a/eng/dockerfile-templates/runtime-deps/Dockerfile +++ b/eng/dockerfile-templates/runtime-deps/Dockerfile @@ -26,7 +26,12 @@ set gid to uid }}{{ if !isSingleStage:# Installer image -}}FROM {{baseImageRepo}}:{{baseImageTag}}{{if !isSingleStage: AS installer}}{{ if isInternal && isRpmInstall: +}}FROM {{baseImageRepo}}:{{baseImageTag}} + +{{InsertTemplate("../Dockerfile.common-dotnet-envs", [ + "uid": uid +])}} +{{if !isSingleStage: AS installer}}{{ if isInternal && isRpmInstall: ARG SAS_QUERY_STRING @@ -37,9 +42,7 @@ RUN {{InsertTemplate("Dockerfile.download-runtime-deps-pkg", "is-internal": isInternal ], " ")}}}} {{if isRpmInstall && isInternal:FROM {{baseImageRepo}}:{{baseImageTag}} -}} -RUN {{InsertTemplate("../Dockerfile.linux.install-deps")}} -{{ if isRpmInstall: +}}RUN {{InsertTemplate("../Dockerfile.linux.install-deps")}}{{ if isRpmInstall: {{if isInternal:{{InsertTemplate("../Dockerfile.linux.copy-files", [ "files": [ @@ -49,23 +52,16 @@ RUN {{InsertTemplate("../Dockerfile.linux.install-deps")}} ], "srcStage": "installer", "destination": "" -])}} -}}{{InsertTemplate("Dockerfile.install-runtime-deps-pkg", +])}}}} +{{InsertTemplate("Dockerfile.install-runtime-deps-pkg", [ "skip-download": isInternal "url-suffix": urlSuffix, "filename": rpmFilename - ])}} -}}{{if dotnetVersion != "6.0" && dotnetVersion != "7.0": + ])}}}}{{if dotnetVersion != "6.0" && dotnetVersion != "7.0": # Create a non-root user and group RUN {{InsertTemplate("Dockerfile.linux.non-root-user", [ "name": username, - "uid": uid, - "gid": gid, "append-cmd": len(utilPkgs) > 0 - ])}} -}} -{{InsertTemplate("../Dockerfile.common-dotnet-envs", [ - "uid": uid -])}} + ])}}}} diff --git a/eng/dockerfile-templates/runtime-deps/Dockerfile.chiseled-ubuntu b/eng/dockerfile-templates/runtime-deps/Dockerfile.chiseled-ubuntu index d5c9eeae2..0e1ae69d3 100644 
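Review bot: In the first hunk of runtime-deps/Dockerfile, `{{if !isSingleStage: AS installer}}` now comes after the inserted common-dotnet-envs block instead of on the `FROM` line. A multi-stage render would therefore emit an unnamed `FROM` followed by a stray ` AS installer` line after the ENV instruction, and the later `"srcStage": "installer"` copy would have no stage to refer to. Keep the alias on the FROM line, `}}FROM {{baseImageRepo}}:{{baseImageTag}}{{if !isSingleStage: AS installer}}`, and put the envs insert on the lines after it. In the same path the second `FROM {{baseImageRepo}}:{{baseImageTag}}` starts a new stage, which does not inherit ENV. The non-root-user call in the third hunk no longer passes `uid`/`gid`, so it would presumably run there with `$APP_UID` unset, and the final image would lack the common variables. `isSingleStage` is defined outside the hunk, so this should be confirmed against a render of the internal RPM variant.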
--- a/eng/dockerfile-templates/runtime-deps/Dockerfile.chiseled-ubuntu +++ b/eng/dockerfile-templates/runtime-deps/Dockerfile.chiseled-ubuntu @@ -5,6 +5,7 @@ set uid to 64198 ^ set gid to uid }}FROM {{ARCH_VERSIONED}}/golang:1.18 as chisel + RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel WORKDIR /opt/chisel RUN go generate internal/deb/version.go \ diff --git a/eng/dockerfile-templates/runtime-deps/Dockerfile.distroless-mariner b/eng/dockerfile-templates/runtime-deps/Dockerfile.distroless-mariner index b00d1bd19..15a61175d 100644 --- a/eng/dockerfile-templates/runtime-deps/Dockerfile.distroless-mariner +++ b/eng/dockerfile-templates/runtime-deps/Dockerfile.distroless-mariner @@ -60,13 +60,13 @@ RUN rm -rf {{distrolessStagingDir}}/etc/{{when(find(OS_VERSION, "1.0") >= 0, "dn # .NET runtime-deps image FROM {{baseImage}} +{{InsertTemplate("../Dockerfile.common-dotnet-envs", [ + "uid": uid +])}} + COPY --from=installer {{distrolessStagingDir}}/ /{{if createUserHome: # Workaround for https://github.com/moby/moby/issues/38710 COPY --from=installer --chown={{uid}}:{{gid}} {{distrolessStagingDir}}/home/{{username}} /home/{{username}}}} -{{InsertTemplate("../Dockerfile.common-dotnet-envs", [ - "uid": uid -])}} - USER app diff --git a/eng/dockerfile-templates/runtime-deps/Dockerfile.linux.distroless-user b/eng/dockerfile-templates/runtime-deps/Dockerfile.linux.distroless-user index a9460b49a..377a1e9d1 100644 --- a/eng/dockerfile-templates/runtime-deps/Dockerfile.linux.distroless-user +++ b/eng/dockerfile-templates/runtime-deps/Dockerfile.linux.distroless-user 
@@ -2,24 +2,26 @@ _ Configures the app user and group for distroless containers _ ARGS: staging-dir: Path to the distroless staging directory + name: Name of the user/group to create create-dir (optional): Indicates whether the etc directory should be created in staging exclusive (optional): Indicates whether the app user is the only user and all other users are removed - name: Name of the user/group to create - uid: ID of the user to be created - gid: ID of the group to be created + uid: (optional) ID of the user to be created, $APP_UID by default + gid: (optional) ID of the group to be created, same as uid by default no-create-home (optional): Indicates whether a home directory should be created for the user ^ set dotnetVersion to join(slice(split(PRODUCT_VERSION, "."), 0, 2), ".") ^ set isMariner to find(OS_VERSION, "cbl-mariner") >= 0 ^ - set isAlpine to find(OS_VERSION, "alpine") >= 0 + set isAlpine to find(OS_VERSION, "alpine") >= 0 ^ + set uid to when(len(ARGS["uid"]) > 0, ARGS["uid"], "$APP_UID") ^ + set gid to when(len(ARGS["gid"]) > 0, ARGS["gid"], uid) }}{{InsertTemplate("Dockerfile.linux.non-root-user", [ "name": ARGS["name"], - "uid": ARGS["uid"], - "gid": ARGS["gid"], + "uid": uid, + "gid": gid, "no-create-home": ARGS["no-create-home"], "no-shell": "true" ])}} \{{if !ARGS["no-create-home"]: - && install -d -m 0755 -o {{ARGS["uid"]}} -g {{ARGS["gid"]}} "{{ARGS["staging-dir"]}}/home/{{ARGS["name"]}}" \}}{{ + && install -d -m 0755 -o {{uid}} -g {{gid}} "{{ARGS["staging-dir"]}}/home/{{ARGS["name"]}}" \}}{{ if ARGS["exclusive"]:{{if ARGS["create-dir"]: && mkdir -p "{{ARGS["staging-dir"]}}/etc" \}} && rootOrAppRegex='@^\(root\|app\):' \ diff --git a/eng/dockerfile-templates/runtime-deps/Dockerfile.linux.non-root-user b/eng/dockerfile-templates/runtime-deps/Dockerfile.linux.non-root-user index e7b1030b9..c9e230ad4 100644 --- a/eng/dockerfile-templates/runtime-deps/Dockerfile.linux.non-root-user 
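Review bot: The new `"$APP_UID"` default for `uid` is expanded by the shell at build time, so it only resolves when the stage that runs this RUN has already declared `ENV APP_UID`. The distroless-mariner hunk in this commit places the common-dotnet-envs insert after the final-stage `FROM {{baseImage}}`, which suggests the installer stage where the user is staged does not have it. A caller that omits `uid` would then produce `install -d -m 0755 -o  -g  ...` and an empty `--uid=`. I would state the requirement in the ARGS header, for example `uid (optional): ID of the user to be created; defaults to $APP_UID, which must be set by ENV in the same build stage`, and write the optional marker as the neighbouring entries do (`uid (optional):` rather than `uid: (optional)`). The template body continues past the end of this hunk.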
+++ b/eng/dockerfile-templates/runtime-deps/Dockerfile.linux.non-root-user @@ -2,8 +2,8 @@ _ Configures a non-root user _ ARGS: name: Name of the user/group to create - uid: ID of the user to be created - gid: ID of the group to be created + gid (optional): ID of the group to be created + uid (optional): ID of the user to be created no-create-home (optional): Indicates whether a home directory should be created for the user no-shell (optional): Indicates whether the shell should be set to /bin/false ^ set dotnetVersion to join(slice(split(PRODUCT_VERSION, "."), 0, 2), ".") ^ @@ -14,6 +14,8 @@ set isDistrolessMariner to defined(match(OS_VERSION, "^cbl-mariner\d+\.\d+-distroless$")) ^ set isChiseledUbuntu to find(OS_VERSION, "chiseled") >= 0 ^ set addUserCommand to when(isDebian || isUbuntu || isMariner, "useradd -l", "adduser") ^ + set uid to when(len(ARGS["uid"]) > 0, ARGS["uid"], "$APP_UID") ^ + set gid to when(len(ARGS["gid"]) > 0, ARGS["gid"], "$APP_UID") ^ set utilPkgs to when(isMariner && !isDistrolessMariner && dotnetVersion != "6.0" && dotnetVersion != "7.0", ["shadow-utils"], []) }}{{if len(utilPkgs) > 0:{{InsertTemplate("../Dockerfile.linux.install-pkgs", [ "pkgs": utilPkgs, @@ -21,11 +23,11 @@ ])}} && }}{{if isAlpine:addgroup^else:groupadd}} \ --system \ - --gid={{ARGS["gid"]}} \ + --gid={{gid}} \ {{ARGS["name"]}} \ && {{addUserCommand}} \ - --uid {{ARGS["uid"]}} \ - {{if isAlpine:--ingroup={{ARGS["name"]}}^else:--gid {{ARGS["gid"]}}}} \{{if ARGS["no-shell"]: + --uid={{uid}} \ + {{if isAlpine:--ingroup={{ARGS["name"]}}^else:--gid={{gid}}}} \{{if ARGS["no-shell"]: --shell /bin/false \}}{{if ARGS["no-create-home"]: --no-create-home \^elif dotnetVersion != "6.0" && dotnetVersion != "7.0" && (find(addUserCommand, "useradd") >= 0) && !isChiseledUbuntu: --create-home \}} diff --git a/src/aspnet/8.0/alpine3.17-composite/amd64/Dockerfile b/src/aspnet/8.0/alpine3.17-composite/amd64/Dockerfile index 70907efec..717929fd3 100644 
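Review bot: In the second hunk the `gid` fallback is the literal `"$APP_UID"` rather than the resolved `uid`, so a caller that passes only `uid` gets a group ID taken from the environment variable while the user ID comes from the argument. Dockerfile.linux.distroless-user in this same commit falls back to `uid` and documents the default as "same as uid", so the two templates disagree. Using `set gid to when(len(ARGS["gid"]) > 0, ARGS["gid"], uid) ^` here would keep the user and its primary group aligned. The third hunk then writes `--gid={{gid}}` and `--uid={{uid}}` unquoted, so when the default is used and `APP_UID` is not set in that stage the options render as `--gid=` and `--uid=`. A line in the ARGS header stating that the default requires `ENV APP_UID` earlier in the same stage would make that dependency visible.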
--- a/src/aspnet/8.0/alpine3.17-composite/amd64/Dockerfile +++ b/src/aspnet/8.0/alpine3.17-composite/amd64/Dockerfile @@ -4,10 +4,12 @@ FROM $REPO:8.0.0-preview.4-alpine3.17-amd64 # .NET globalization APIs will use invariant mode by default because DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true is set # by the base runtime-deps image. See https://aka.ms/dotnet-globalization-alpine-containers for more information. -# .NET Runtime version -ENV DOTNET_VERSION=8.0.0-preview.4.23259.5 -# ASP.NET Core version -ENV ASPNET_VERSION=8.0.0-preview.4.23260.4 +ENV \ + # .NET Runtime version + DOTNET_VERSION=8.0.0-preview.4.23259.5 \ + # ASP.NET Core version + ASPNET_VERSION=8.0.0-preview.4.23260.4 + # Install ASP.NET Composite Runtime RUN wget -O dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/aspnetcore/Runtime/$ASPNET_VERSION/aspnetcore-runtime-composite-$ASPNET_VERSION-linux-musl-x64.tar.gz \ diff --git a/src/aspnet/8.0/alpine3.17-composite/arm32v7/Dockerfile b/src/aspnet/8.0/alpine3.17-composite/arm32v7/Dockerfile index bf269292f..f47fbfe77 100644 --- a/src/aspnet/8.0/alpine3.17-composite/arm32v7/Dockerfile +++ b/src/aspnet/8.0/alpine3.17-composite/arm32v7/Dockerfile @@ -4,10 +4,12 @@ FROM $REPO:8.0.0-preview.4-alpine3.17-arm32v7 # .NET globalization APIs will use invariant mode by default because DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true is set # by the base runtime-deps image. See https://aka.ms/dotnet-globalization-alpine-containers for more information. -# .NET Runtime version -ENV DOTNET_VERSION=8.0.0-preview.4.23259.5 -# ASP.NET Core version -ENV ASPNET_VERSION=8.0.0-preview.4.23260.4 +ENV \ + # .NET Runtime version + DOTNET_VERSION=8.0.0-preview.4.23259.5 \ + # ASP.NET Core version + ASPNET_VERSION=8.0.0-preview.4.23260.4 + # Install ASP.NET Composite Runtime RUN wget -O dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/aspnetcore/Runtime/$ASPNET_VERSION/aspnetcore-runtime-composite-$ASPNET_VERSION-linux-musl-arm.tar.gz \ 
diff --git a/src/aspnet/8.0/alpine3.17-composite/arm64v8/Dockerfile b/src/aspnet/8.0/alpine3.17-composite/arm64v8/Dockerfile index 039c21fe5..ba0c47480 100644 --- a/src/aspnet/8.0/alpine3.17-composite/arm64v8/Dockerfile +++ b/src/aspnet/8.0/alpine3.17-composite/arm64v8/Dockerfile @@ -4,10 +4,12 @@ FROM $REPO:8.0.0-preview.4-alpine3.17-arm64v8 # .NET globalization APIs will use invariant mode by default because DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true is set # by the base runtime-deps image. See https://aka.ms/dotnet-globalization-alpine-containers for more information. -# .NET Runtime version -ENV DOTNET_VERSION=8.0.0-preview.4.23259.5 -# ASP.NET Core version -ENV ASPNET_VERSION=8.0.0-preview.4.23260.4 +ENV \ + # .NET Runtime version + DOTNET_VERSION=8.0.0-preview.4.23259.5 \ + # ASP.NET Core version + ASPNET_VERSION=8.0.0-preview.4.23260.4 + # Install ASP.NET Composite Runtime RUN wget -O dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/aspnetcore/Runtime/$ASPNET_VERSION/aspnetcore-runtime-composite-$ASPNET_VERSION-linux-musl-arm64.tar.gz \ diff --git a/src/runtime-deps/6.0/alpine3.17/amd64/Dockerfile b/src/runtime-deps/6.0/alpine3.17/amd64/Dockerfile index cb51f9d25..bda56b8e0 100644 --- a/src/runtime-deps/6.0/alpine3.17/amd64/Dockerfile +++ b/src/runtime-deps/6.0/alpine3.17/amd64/Dockerfile @@ -1,5 +1,13 @@ FROM amd64/alpine:3.17 +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true \ + # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true + RUN apk add --no-cache \ ca-certificates \ \ 
@@ -10,11 +18,3 @@ RUN apk add --no-cache \ libssl3 \ libstdc++ \ zlib - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true \ - # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true diff --git a/src/runtime-deps/6.0/alpine3.17/arm32v7/Dockerfile b/src/runtime-deps/6.0/alpine3.17/arm32v7/Dockerfile index 6eda346f8..a5027805c 100644 --- a/src/runtime-deps/6.0/alpine3.17/arm32v7/Dockerfile +++ b/src/runtime-deps/6.0/alpine3.17/arm32v7/Dockerfile @@ -1,5 +1,13 @@ FROM arm32v7/alpine:3.17 +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true \ + # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true + RUN apk add --no-cache \ ca-certificates \ \ @@ -10,11 +18,3 @@ RUN apk add --no-cache \ libssl3 \ libstdc++ \ zlib - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true \ - # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true diff --git a/src/runtime-deps/6.0/alpine3.17/arm64v8/Dockerfile b/src/runtime-deps/6.0/alpine3.17/arm64v8/Dockerfile index 96cc7ad24..eb7a0026c 100644 --- a/src/runtime-deps/6.0/alpine3.17/arm64v8/Dockerfile +++ b/src/runtime-deps/6.0/alpine3.17/arm64v8/Dockerfile 
@@ -1,5 +1,13 @@ FROM arm64v8/alpine:3.17 +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true \ + # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true + RUN apk add --no-cache \ ca-certificates \ \ @@ -10,11 +18,3 @@ RUN apk add --no-cache \ libssl3 \ libstdc++ \ zlib - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true \ - # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true diff --git a/src/runtime-deps/6.0/bullseye-slim/amd64/Dockerfile b/src/runtime-deps/6.0/bullseye-slim/amd64/Dockerfile index 3cdcd8af8..36e415991 100644 --- a/src/runtime-deps/6.0/bullseye-slim/amd64/Dockerfile +++ b/src/runtime-deps/6.0/bullseye-slim/amd64/Dockerfile @@ -1,5 +1,11 @@ FROM amd64/debian:bullseye-slim +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/bullseye-slim/arm32v7/Dockerfile b/src/runtime-deps/6.0/bullseye-slim/arm32v7/Dockerfile index fd8e01a57..525cd1473 100644 --- a/src/runtime-deps/6.0/bullseye-slim/arm32v7/Dockerfile +++ b/src/runtime-deps/6.0/bullseye-slim/arm32v7/Dockerfile 
@@ -1,5 +1,11 @@ FROM arm32v7/debian:bullseye-slim +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/bullseye-slim/arm64v8/Dockerfile b/src/runtime-deps/6.0/bullseye-slim/arm64v8/Dockerfile index 8c1ab341d..b919033c0 100644 --- a/src/runtime-deps/6.0/bullseye-slim/arm64v8/Dockerfile +++ b/src/runtime-deps/6.0/bullseye-slim/arm64v8/Dockerfile @@ -1,5 +1,11 @@ FROM arm64v8/debian:bullseye-slim +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/cbl-mariner1.0-distroless/amd64/Dockerfile b/src/runtime-deps/6.0/cbl-mariner1.0-distroless/amd64/Dockerfile index 04a35633b..f1a75d8d8 100644 --- a/src/runtime-deps/6.0/cbl-mariner1.0-distroless/amd64/Dockerfile +++ b/src/runtime-deps/6.0/cbl-mariner1.0-distroless/amd64/Dockerfile @@ -26,8 +26,8 @@ RUN groupadd \ --gid=1000 \ app \ && useradd -l \ - --uid 1000 \ - --gid 1000 \ + --uid=1000 \ + --gid=1000 \ --shell /bin/false \ --no-create-home \ --system \ 
@@ -49,12 +49,12 @@ RUN rm -rf /staging/etc/dnf \ # .NET runtime-deps image FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:1.0 -COPY --from=installer /staging/ / - ENV \ # Configure web servers to bind to port 8080 when present ASPNETCORE_URLS=http://+:8080 \ # Enable detection of running in a container DOTNET_RUNNING_IN_CONTAINER=true +COPY --from=installer /staging/ / + USER app diff --git a/src/runtime-deps/6.0/cbl-mariner1.0/amd64/Dockerfile b/src/runtime-deps/6.0/cbl-mariner1.0/amd64/Dockerfile index 9dc0bf8d0..b7d0c4584 100644 --- a/src/runtime-deps/6.0/cbl-mariner1.0/amd64/Dockerfile +++ b/src/runtime-deps/6.0/cbl-mariner1.0/amd64/Dockerfile @@ -1,5 +1,11 @@ FROM mcr.microsoft.com/cbl-mariner/base/core:1.0 +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN tdnf install -y \ ca-certificates \ \ @@ -20,9 +26,3 @@ RUN dotnet_version=6.0.16 \ && echo "$dotnet_sha512 dotnet-runtime-deps.rpm" | sha512sum -c - \ && rpm --install dotnet-runtime-deps.rpm \ && rm dotnet-runtime-deps.rpm - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/cbl-mariner2.0-distroless/amd64/Dockerfile b/src/runtime-deps/6.0/cbl-mariner2.0-distroless/amd64/Dockerfile index 52bbe2053..c3114b113 100644 --- a/src/runtime-deps/6.0/cbl-mariner2.0-distroless/amd64/Dockerfile +++ b/src/runtime-deps/6.0/cbl-mariner2.0-distroless/amd64/Dockerfile @@ -35,8 +35,8 @@ RUN groupadd \ --gid=101 \ app \ && useradd -l \ - --uid 101 \ - --gid 101 \ + --uid=101 \ + --gid=101 \ --shell /bin/false \ --no-create-home \ --system \ 
@@ -58,8 +58,6 @@ RUN rm -rf /staging/etc/tdnf \ # .NET runtime-deps image FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 -COPY --from=installer /staging/ / - ENV \ # Configure web servers to bind to port 8080 when present ASPNETCORE_URLS=http://+:8080 \ @@ -68,4 +66,6 @@ ENV \ # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true +COPY --from=installer /staging/ / + USER app diff --git a/src/runtime-deps/6.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile b/src/runtime-deps/6.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile index 52bbe2053..c3114b113 100644 --- a/src/runtime-deps/6.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile +++ b/src/runtime-deps/6.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile @@ -35,8 +35,8 @@ RUN groupadd \ --gid=101 \ app \ && useradd -l \ - --uid 101 \ - --gid 101 \ + --uid=101 \ + --gid=101 \ --shell /bin/false \ --no-create-home \ --system \ @@ -58,8 +58,6 @@ RUN rm -rf /staging/etc/tdnf \ # .NET runtime-deps image FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 -COPY --from=installer /staging/ / - ENV \ # Configure web servers to bind to port 8080 when present ASPNETCORE_URLS=http://+:8080 \ @@ -68,4 +66,6 @@ ENV \ # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true +COPY --from=installer /staging/ / + USER app diff --git a/src/runtime-deps/6.0/cbl-mariner2.0/amd64/Dockerfile b/src/runtime-deps/6.0/cbl-mariner2.0/amd64/Dockerfile index 9e7926038..87635c0c7 100644 --- a/src/runtime-deps/6.0/cbl-mariner2.0/amd64/Dockerfile +++ b/src/runtime-deps/6.0/cbl-mariner2.0/amd64/Dockerfile 
@@ -1,5 +1,11 @@ FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN tdnf install -y \ ca-certificates \ \ @@ -20,9 +26,3 @@ RUN dotnet_version=6.0.16 \ && echo "$dotnet_sha512 dotnet-runtime-deps.rpm" | sha512sum -c - \ && tdnf install -y --disablerepo=* dotnet-runtime-deps.rpm \ && rm dotnet-runtime-deps.rpm - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/cbl-mariner2.0/arm64v8/Dockerfile b/src/runtime-deps/6.0/cbl-mariner2.0/arm64v8/Dockerfile index 6406622c7..fa3d32d81 100644 --- a/src/runtime-deps/6.0/cbl-mariner2.0/arm64v8/Dockerfile +++ b/src/runtime-deps/6.0/cbl-mariner2.0/arm64v8/Dockerfile @@ -1,5 +1,11 @@ FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN tdnf install -y \ ca-certificates \ \ @@ -20,9 +26,3 @@ RUN dotnet_version=6.0.16 \ && echo "$dotnet_sha512 dotnet-runtime-deps.rpm" | sha512sum -c - \ && tdnf install -y --disablerepo=* dotnet-runtime-deps.rpm \ && rm dotnet-runtime-deps.rpm - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/focal/amd64/Dockerfile b/src/runtime-deps/6.0/focal/amd64/Dockerfile index 9cb3cb2d0..f9815571e 100644 --- a/src/runtime-deps/6.0/focal/amd64/Dockerfile +++ b/src/runtime-deps/6.0/focal/amd64/Dockerfile 
@@ -1,5 +1,11 @@ FROM ubuntu.azurecr.io/ubuntu:focal +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/focal/arm32v7/Dockerfile b/src/runtime-deps/6.0/focal/arm32v7/Dockerfile index 9cb3cb2d0..f9815571e 100644 --- a/src/runtime-deps/6.0/focal/arm32v7/Dockerfile +++ b/src/runtime-deps/6.0/focal/arm32v7/Dockerfile @@ -1,5 +1,11 @@ FROM ubuntu.azurecr.io/ubuntu:focal +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/focal/arm64v8/Dockerfile b/src/runtime-deps/6.0/focal/arm64v8/Dockerfile index 9cb3cb2d0..f9815571e 100644 --- a/src/runtime-deps/6.0/focal/arm64v8/Dockerfile +++ b/src/runtime-deps/6.0/focal/arm64v8/Dockerfile 
@@ -1,5 +1,11 @@ FROM ubuntu.azurecr.io/ubuntu:focal +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/jammy/amd64/Dockerfile b/src/runtime-deps/6.0/jammy/amd64/Dockerfile index f643dde8b..f61345b38 100644 --- a/src/runtime-deps/6.0/jammy/amd64/Dockerfile +++ b/src/runtime-deps/6.0/jammy/amd64/Dockerfile @@ -1,5 +1,11 @@ FROM ubuntu.azurecr.io/ubuntu:jammy +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/jammy/arm32v7/Dockerfile b/src/runtime-deps/6.0/jammy/arm32v7/Dockerfile index f643dde8b..f61345b38 100644 --- a/src/runtime-deps/6.0/jammy/arm32v7/Dockerfile +++ b/src/runtime-deps/6.0/jammy/arm32v7/Dockerfile 
@@ -1,5 +1,11 @@ FROM ubuntu.azurecr.io/ubuntu:jammy +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/6.0/jammy/arm64v8/Dockerfile b/src/runtime-deps/6.0/jammy/arm64v8/Dockerfile index f643dde8b..f61345b38 100644 --- a/src/runtime-deps/6.0/jammy/arm64v8/Dockerfile +++ b/src/runtime-deps/6.0/jammy/arm64v8/Dockerfile @@ -1,5 +1,11 @@ FROM ubuntu.azurecr.io/ubuntu:jammy +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,9 +19,3 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/7.0/cbl-mariner2.0-distroless/amd64/Dockerfile b/src/runtime-deps/7.0/cbl-mariner2.0-distroless/amd64/Dockerfile index 44c9ebf54..a67ecd1f1 100644 --- a/src/runtime-deps/7.0/cbl-mariner2.0-distroless/amd64/Dockerfile +++ b/src/runtime-deps/7.0/cbl-mariner2.0-distroless/amd64/Dockerfile @@ -35,8 +35,8 @@ RUN groupadd \ --gid=101 \ app \ && useradd -l \ - --uid 101 \ - --gid 101 \ + --uid=101 \ + --gid=101 \ --shell /bin/false \ --system \ app \ 
@@ -58,11 +58,6 @@ RUN rm -rf /staging/etc/tdnf \ # .NET runtime-deps image FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 -COPY --from=installer /staging/ / - -# Workaround for https://github.com/moby/moby/issues/38710 -COPY --from=installer --chown=101:101 /staging/home/app /home/app - ENV \ # Configure web servers to bind to port 8080 when present ASPNETCORE_URLS=http://+:8080 \ @@ -71,4 +66,9 @@ ENV \ # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true +COPY --from=installer /staging/ / + +# Workaround for https://github.com/moby/moby/issues/38710 +COPY --from=installer --chown=101:101 /staging/home/app /home/app + USER app diff --git a/src/runtime-deps/7.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile b/src/runtime-deps/7.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile index 44c9ebf54..a67ecd1f1 100644 --- a/src/runtime-deps/7.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile +++ b/src/runtime-deps/7.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile @@ -35,8 +35,8 @@ RUN groupadd \ --gid=101 \ app \ && useradd -l \ - --uid 101 \ - --gid 101 \ + --uid=101 \ + --gid=101 \ --shell /bin/false \ --system \ app \ @@ -58,11 +58,6 @@ RUN rm -rf /staging/etc/tdnf \ # .NET runtime-deps image FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 -COPY --from=installer /staging/ / - -# Workaround for https://github.com/moby/moby/issues/38710 -COPY --from=installer --chown=101:101 /staging/home/app /home/app - ENV \ # Configure web servers to bind to port 8080 when present ASPNETCORE_URLS=http://+:8080 \ @@ -71,4 +66,9 @@ ENV \ # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true +COPY --from=installer /staging/ / + +# Workaround for https://github.com/moby/moby/issues/38710 +COPY --from=installer --chown=101:101 /staging/home/app /home/app + USER app 
diff --git a/src/runtime-deps/7.0/cbl-mariner2.0/amd64/Dockerfile b/src/runtime-deps/7.0/cbl-mariner2.0/amd64/Dockerfile index c2cacb408..8883f7ebe 100644 --- a/src/runtime-deps/7.0/cbl-mariner2.0/amd64/Dockerfile +++ b/src/runtime-deps/7.0/cbl-mariner2.0/amd64/Dockerfile @@ -1,5 +1,11 @@ FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN tdnf install -y \ ca-certificates \ \ @@ -12,9 +18,3 @@ RUN tdnf install -y \ openssl-libs \ zlib \ && tdnf clean all - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/7.0/cbl-mariner2.0/arm64v8/Dockerfile b/src/runtime-deps/7.0/cbl-mariner2.0/arm64v8/Dockerfile index c2cacb408..8883f7ebe 100644 --- a/src/runtime-deps/7.0/cbl-mariner2.0/arm64v8/Dockerfile +++ b/src/runtime-deps/7.0/cbl-mariner2.0/arm64v8/Dockerfile @@ -1,5 +1,11 @@ FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 +ENV \ + # Configure web servers to bind to port 80 when present + ASPNETCORE_URLS=http://+:80 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN tdnf install -y \ ca-certificates \ \ @@ -12,9 +18,3 @@ RUN tdnf install -y \ openssl-libs \ zlib \ && tdnf clean all - -ENV \ - # Configure web servers to bind to port 80 when present - ASPNETCORE_URLS=http://+:80 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/8.0/alpine3.17/amd64/Dockerfile b/src/runtime-deps/8.0/alpine3.17/amd64/Dockerfile index 9b77a6a2b..a63fb75ce 100644 --- a/src/runtime-deps/8.0/alpine3.17/amd64/Dockerfile +++ b/src/runtime-deps/8.0/alpine3.17/amd64/Dockerfile 
@@ -1,5 +1,15 @@ FROM amd64/alpine:3.17 +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true \ + # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true + RUN apk add --no-cache \ ca-certificates \ \ @@ -10,24 +20,13 @@ RUN apk add --no-cache \ libssl3 \ libstdc++ \ zlib - # Create a non-root user and group RUN addgroup \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && adduser \ - --uid 64198 \ + --uid=$APP_UID \ --ingroup=app \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true \ - # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true diff --git a/src/runtime-deps/8.0/alpine3.17/arm32v7/Dockerfile b/src/runtime-deps/8.0/alpine3.17/arm32v7/Dockerfile index 0112744d5..09b7f2b4e 100644 --- a/src/runtime-deps/8.0/alpine3.17/arm32v7/Dockerfile +++ b/src/runtime-deps/8.0/alpine3.17/arm32v7/Dockerfile @@ -1,5 +1,15 @@ FROM arm32v7/alpine:3.17 +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true \ + # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true + RUN apk add --no-cache \ ca-certificates \ \ 
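Review bot: The `addgroup`/`adduser` step in the second hunk now reads both IDs from `$APP_UID`, unquoted and unchecked. If the `ENV` entry is ever renamed or dropped in the template, the shell passes an empty `--gid=`/`--uid=`, and the build may fail obscurely or, depending on the tool, end up with an auto-assigned ID. Writing `--gid="${APP_UID:?}"` and `--uid="${APP_UID:?}"` makes the step stop with a clear error instead, so anything that sets `USER` or file ownership by number can rely on the documented non-root UID. The group ID is also taken from a variable named for the user ID; a comment such as `# GID deliberately matches APP_UID` on the `ENV` entry would make that explicit. The same pattern appears in the second hunk of the other 8.0 alpine, bookworm-slim, cbl-mariner2.0 and jammy Dockerfiles in this diff.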
@@ -10,24 +20,13 @@ RUN apk add --no-cache \ libssl3 \ libstdc++ \ zlib - # Create a non-root user and group RUN addgroup \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && adduser \ - --uid 64198 \ + --uid=$APP_UID \ --ingroup=app \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true \ - # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true diff --git a/src/runtime-deps/8.0/alpine3.17/arm64v8/Dockerfile b/src/runtime-deps/8.0/alpine3.17/arm64v8/Dockerfile index 7be724075..27928f450 100644 --- a/src/runtime-deps/8.0/alpine3.17/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/alpine3.17/arm64v8/Dockerfile @@ -1,5 +1,15 @@ FROM arm64v8/alpine:3.17 +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true \ + # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true + RUN apk add --no-cache \ ca-certificates \ \ 
@@ -10,24 +20,13 @@ RUN apk add --no-cache \ libssl3 \ libstdc++ \ zlib - # Create a non-root user and group RUN addgroup \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && adduser \ - --uid 64198 \ + --uid=$APP_UID \ --ingroup=app \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true \ - # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true diff --git a/src/runtime-deps/8.0/bookworm-slim/amd64/Dockerfile b/src/runtime-deps/8.0/bookworm-slim/amd64/Dockerfile index a59f1dea7..591fabf4f 100644 --- a/src/runtime-deps/8.0/bookworm-slim/amd64/Dockerfile +++ b/src/runtime-deps/8.0/bookworm-slim/amd64/Dockerfile @@ -1,5 +1,13 @@ FROM amd64/debian:bookworm-slim +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,23 +21,14 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - # Create a non-root user and group RUN groupadd \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=$APP_UID \ + --gid=$APP_UID \ --create-home \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/8.0/bookworm-slim/arm32v7/Dockerfile b/src/runtime-deps/8.0/bookworm-slim/arm32v7/Dockerfile index 76d88890e..665dccd28 100644 
--- a/src/runtime-deps/8.0/bookworm-slim/arm32v7/Dockerfile +++ b/src/runtime-deps/8.0/bookworm-slim/arm32v7/Dockerfile @@ -1,5 +1,13 @@ FROM arm32v7/debian:bookworm-slim +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,23 +21,14 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - # Create a non-root user and group RUN groupadd \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=$APP_UID \ + --gid=$APP_UID \ --create-home \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/8.0/bookworm-slim/arm64v8/Dockerfile b/src/runtime-deps/8.0/bookworm-slim/arm64v8/Dockerfile index ac89e139d..9c1ff76ae 100644 --- a/src/runtime-deps/8.0/bookworm-slim/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/bookworm-slim/arm64v8/Dockerfile @@ -1,5 +1,13 @@ FROM arm64v8/debian:bookworm-slim +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ 
@@ -13,23 +21,14 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - # Create a non-root user and group RUN groupadd \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=$APP_UID \ + --gid=$APP_UID \ --create-home \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/8.0/cbl-mariner2.0-distroless/amd64/Dockerfile b/src/runtime-deps/8.0/cbl-mariner2.0-distroless/amd64/Dockerfile index 617d29bb3..a989c4e44 100644 --- a/src/runtime-deps/8.0/cbl-mariner2.0-distroless/amd64/Dockerfile +++ b/src/runtime-deps/8.0/cbl-mariner2.0-distroless/amd64/Dockerfile @@ -35,8 +35,8 @@ RUN groupadd \ --gid=64198 \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=64198 \ + --gid=64198 \ --shell /bin/false \ --create-home \ --system \ @@ -59,11 +59,6 @@ RUN rm -rf /staging/etc/tdnf \ # .NET runtime-deps image FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 -COPY --from=installer /staging/ / - -# Workaround for https://github.com/moby/moby/issues/38710 -COPY --from=installer --chown=64198:64198 /staging/home/app /home/app - ENV \ # UID of the non-root user 'app' APP_UID=64198 \ @@ -74,4 +69,9 @@ ENV \ # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true +COPY --from=installer /staging/ / + +# Workaround for https://github.com/moby/moby/issues/38710 +COPY --from=installer --chown=64198:64198 /staging/home/app /home/app + USER app diff --git a/src/runtime-deps/8.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile b/src/runtime-deps/8.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile index 617d29bb3..a989c4e44 100644 
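Review bot: The final stage of the 8.0 cbl-mariner2.0-distroless amd64 file still hard-codes `--chown=64198:64198`, although the `COPY` now follows the `ENV` that defines `APP_UID`. The installer stage's `groupadd`/`useradd` keep the literal too, so the ID sits in four places that must change together. If the builders in use expand variables in the `--chown` flag (BuildKit appears to, but confirm for this pipeline), `COPY --from=installer --chown=$APP_UID:$APP_UID /staging/home/app /home/app` would tie the home directory's ownership to the declared UID. The installer stage cannot see that `ENV` because it belongs to another stage, so the minimum there is a comment such as `# must match APP_UID in the final stage`. The `RUN groupadd` block starts and ends outside the first hunk, and the arm64v8 copy of this file has the same hunks.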
--- a/src/runtime-deps/8.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/cbl-mariner2.0-distroless/arm64v8/Dockerfile @@ -35,8 +35,8 @@ RUN groupadd \ --gid=64198 \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=64198 \ + --gid=64198 \ --shell /bin/false \ --create-home \ --system \ @@ -59,11 +59,6 @@ RUN rm -rf /staging/etc/tdnf \ # .NET runtime-deps image FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 -COPY --from=installer /staging/ / - -# Workaround for https://github.com/moby/moby/issues/38710 -COPY --from=installer --chown=64198:64198 /staging/home/app /home/app - ENV \ # UID of the non-root user 'app' APP_UID=64198 \ @@ -74,4 +69,9 @@ ENV \ # Set the invariant mode since ICU package isn't included (see https://github.com/dotnet/announcements/issues/20) DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true +COPY --from=installer /staging/ / + +# Workaround for https://github.com/moby/moby/issues/38710 +COPY --from=installer --chown=64198:64198 /staging/home/app /home/app + USER app diff --git a/src/runtime-deps/8.0/cbl-mariner2.0/amd64/Dockerfile b/src/runtime-deps/8.0/cbl-mariner2.0/amd64/Dockerfile index 01bb97af4..eb6f4e2d9 100644 --- a/src/runtime-deps/8.0/cbl-mariner2.0/amd64/Dockerfile +++ b/src/runtime-deps/8.0/cbl-mariner2.0/amd64/Dockerfile @@ -1,5 +1,13 @@ FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN tdnf install -y \ ca-certificates \ \ 
@@ -12,28 +20,19 @@ RUN tdnf install -y \ openssl-libs \ zlib \ && tdnf clean all - # Create a non-root user and group RUN tdnf install -y \ shadow-utils \ && groupadd \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=$APP_UID \ + --gid=$APP_UID \ --create-home \ --system \ app \ && tdnf remove -y \ shadow-utils \ && tdnf clean all - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/8.0/cbl-mariner2.0/arm64v8/Dockerfile b/src/runtime-deps/8.0/cbl-mariner2.0/arm64v8/Dockerfile index 01bb97af4..eb6f4e2d9 100644 --- a/src/runtime-deps/8.0/cbl-mariner2.0/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/cbl-mariner2.0/arm64v8/Dockerfile @@ -1,5 +1,13 @@ FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN tdnf install -y \ ca-certificates \ \ @@ -12,28 +20,19 @@ RUN tdnf install -y \ openssl-libs \ zlib \ && tdnf clean all - # Create a non-root user and group RUN tdnf install -y \ shadow-utils \ && groupadd \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=$APP_UID \ + --gid=$APP_UID \ --create-home \ --system \ app \ && tdnf remove -y \ shadow-utils \ && tdnf clean all - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true 
diff --git a/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile index adbab6e74..02c0439d4 100644 --- a/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile @@ -1,4 +1,5 @@ FROM amd64/golang:1.18 as chisel + RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel WORKDIR /opt/chisel RUN go generate internal/deb/version.go \ @@ -15,8 +16,8 @@ RUN groupadd \ --gid=64198 \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=64198 \ + --gid=64198 \ --shell /bin/false \ --system \ app \ diff --git a/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile index 5afb736f7..4f431e28f 100644 --- a/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile @@ -1,4 +1,5 @@ FROM arm32v7/golang:1.18 as chisel + RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel WORKDIR /opt/chisel RUN go generate internal/deb/version.go \ @@ -15,8 +16,8 @@ RUN groupadd \ --gid=64198 \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=64198 \ + --gid=64198 \ --shell /bin/false \ --system \ app \ diff --git a/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile index 39fb64527..d5d3429c8 100644 --- a/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile @@ -1,4 +1,5 @@ FROM arm64v8/golang:1.18 as chisel + RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel WORKDIR /opt/chisel RUN go generate internal/deb/version.go \ @@ -15,8 +16,8 @@ RUN groupadd \ --gid=64198 \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=64198 \ + --gid=64198 \ --shell /bin/false \ --system \ app \ 
diff --git a/src/runtime-deps/8.0/jammy/amd64/Dockerfile b/src/runtime-deps/8.0/jammy/amd64/Dockerfile index a1eb6e137..99da4893d 100644 --- a/src/runtime-deps/8.0/jammy/amd64/Dockerfile +++ b/src/runtime-deps/8.0/jammy/amd64/Dockerfile @@ -1,5 +1,13 @@ FROM ubuntu.azurecr.io/ubuntu:jammy +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,23 +21,14 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - # Create a non-root user and group RUN groupadd \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=$APP_UID \ + --gid=$APP_UID \ --create-home \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/8.0/jammy/arm32v7/Dockerfile b/src/runtime-deps/8.0/jammy/arm32v7/Dockerfile index a1eb6e137..99da4893d 100644 --- a/src/runtime-deps/8.0/jammy/arm32v7/Dockerfile +++ b/src/runtime-deps/8.0/jammy/arm32v7/Dockerfile @@ -1,5 +1,13 @@ FROM ubuntu.azurecr.io/ubuntu:jammy +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ 
@@ -13,23 +21,14 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - # Create a non-root user and group RUN groupadd \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=$APP_UID \ + --gid=$APP_UID \ --create-home \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true diff --git a/src/runtime-deps/8.0/jammy/arm64v8/Dockerfile b/src/runtime-deps/8.0/jammy/arm64v8/Dockerfile index a1eb6e137..99da4893d 100644 --- a/src/runtime-deps/8.0/jammy/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/jammy/arm64v8/Dockerfile @@ -1,5 +1,13 @@ FROM ubuntu.azurecr.io/ubuntu:jammy +ENV \ + # UID of the non-root user 'app' + APP_UID=64198 \ + # Configure web servers to bind to port 8080 when present + ASPNETCORE_HTTP_PORTS=8080 \ + # Enable detection of running in a container + DOTNET_RUNNING_IN_CONTAINER=true + RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -13,23 +21,14 @@ RUN apt-get update \ libstdc++6 \ zlib1g \ && rm -rf /var/lib/apt/lists/* - # Create a non-root user and group RUN groupadd \ --system \ - --gid=64198 \ + --gid=$APP_UID \ app \ && useradd -l \ - --uid 64198 \ - --gid 64198 \ + --uid=$APP_UID \ + --gid=$APP_UID \ --create-home \ --system \ app - -ENV \ - # UID of the non-root user 'app' - APP_UID=64198 \ - # Configure web servers to bind to port 8080 when present - ASPNETCORE_HTTP_PORTS=8080 \ - # Enable detection of running in a container - DOTNET_RUNNING_IN_CONTAINER=true