From 942fb8f6603e37ad199a5cee630d89bfd9d3e619 Mon Sep 17 00:00:00 2001
From: Morten Torkildsen <mortent@google.com>
Date: Wed, 20 Sep 2023 22:41:02 +0000
Subject: [PATCH] Switch porch-server to use distroless image

Signed-off-by: Morten Torkildsen <mortent@google.com>
---
 porch/build/Dockerfile.porch | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/porch/build/Dockerfile.porch b/porch/build/Dockerfile.porch
index b479dbddf..195d16f1b 100644
--- a/porch/build/Dockerfile.porch
+++ b/porch/build/Dockerfile.porch
@@ -31,6 +31,7 @@ RUN echo "Downloading porch modules ..." \
 RUN echo "Downloading api modules ..." \
  && cd porch/api && go mod download
 
+ENV CGO_ENABLED=0
 # Prebuild some library dependencies to warm the cache
 RUN cd porch; go build -v \
   google.golang.org/grpc \
@@ -53,15 +54,7 @@ COPY porch/func porch/func
 
 RUN cd porch; go build -v -o /porch ./cmd/porch
 
-FROM debian:bookworm-slim
-RUN apt update && apt install -y ca-certificates && apt install -y git && rm -rf /var/lib/apt && rm -rf /var/cache/apt
-
-RUN useradd -s /bin/bash -d /home/porch/ -m -u 1999 porch
-WORKDIR /home/porch
-
-COPY --from=builder /porch /home/porch/porch
-RUN chown porch:porch /home/porch/porch; chmod +x /home/porch/porch
-
-USER porch
-
-ENTRYPOINT ["/home/porch/porch"]
+FROM gcr.io/distroless/static:nonroot
+COPY --from=builder --chown=nonroot:nonroot /porch /home/nonroot/porch
+USER nonroot:nonroot
+ENTRYPOINT ["/home/nonroot/porch"]