Update Dockerfile to run as unprivileged user (!127) · Merge requests · GitLab.org / release-cli

Av1o requested to merge av1o/release-cli:master into master Mar 31, 2022

What does this MR do and why?

This MR updates the Dockerfile to run as an unprivileged user. Since the release-cli application only talks to the GitLab API, there is no requirement for it to run with such high privileges. Running as root is on the top of the security checklist for most organisations and squashing it should help improve adoption.

To ensure backwards compatibility, the releaser user has a gid of 0. This has the added benefit of OpenShift compatibility.

Checklist

I added tests
Green pipeline
Assign to reviewer

Edited Apr 11, 2022 by Vladimir Shushlin

Update Dockerfile to run as unprivileged user

What does this MR do and why?

Checklist

Merge request reports