Use the numeric UID:GID in generated Dockerfile

Services on ELG are deployed via knative, and there are plans in the upcoming version of knative (1.10?) to forbid containers that run as root by default as part of a better baseline security model - you can opt in if required, but the default pod securityContext will specify runAsNonRoot: true.

However, this mode rejects images whose USER metadata is expressed as symbolic user and group names, as these are resolved relative to the /etc/passwd inside the image itself and you can't tell whether a given name maps to UID 0 until the image is run. To be compatible with runAsNonRoot the image must specify its UID/GID numerically.

This MR switches to a numeric USER in the Dockerfile generated by elg docker create.
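A pre-deployment check for the condition described above, as an added example that is not part of this merge request or the elg code base: it reads a Dockerfile and reports whether the USER in effect for the final stage is numeric and non-zero. The function names, verdict strings, base images, user names and UID 1001 are all constructed for illustration, and only the user part before the colon is inspected.

```python
import re

def final_user(dockerfile_text):
    """Return the USER value in effect at the end of the last build stage, or None."""
    user = None
    # Join backslash line continuations so each instruction is on one line.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        instruction = parts[0].upper()
        if instruction == "FROM":
            user = None  # a new stage does not keep USER from an earlier stage
        elif instruction == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def run_as_non_root_verdict(dockerfile_text):
    """Classify the final USER the way the description above requires.

    ok        - numeric, non-zero UID: can be verified without running the image
    root      - numeric UID 0
    symbolic  - a name (or unresolved variable): only /etc/passwd inside the
                image can say whether it maps to UID 0
    inherited - no USER in the final stage, so the base image decides
    """
    user = final_user(dockerfile_text)
    if user is None:
        return "inherited"
    uid = user.split(":", 1)[0]
    if not re.fullmatch(r"[0-9]+", uid):
        return "symbolic"
    return "root" if int(uid) == 0 else "ok"

# Constructed sample Dockerfiles (not generated by elg docker create).
SYMBOLIC = "FROM python:3.11-slim\nRUN useradd appuser\nUSER appuser:appuser\nCMD [\"python\", \"app.py\"]\n"
NUMERIC = "FROM python:3.11-slim\nRUN useradd -u 1001 appuser\nUSER 1001:1001\nCMD [\"python\", \"app.py\"]\n"
ROOT = "FROM python:3.11-slim\nUSER 0\n"
MULTI_STAGE = "FROM golang:1.21 AS build\nUSER 1001\nFROM scratch\nCOPY --from=build /app /app\n"

if __name__ == "__main__":
    for name, text in [("symbolic", SYMBOLIC), ("numeric", NUMERIC),
                       ("root", ROOT), ("multi-stage", MULTI_STAGE)]:
        print(f"{name:12s} USER={final_user(text)!r:20} -> {run_as_non_root_verdict(text)}")
```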