author | John Helmert III <ajak@gentoo.org> | 2022-11-07 10:27:31 -0600 |
---|---|---|
committer | John Helmert III <ajak@gentoo.org> | 2022-11-08 15:19:02 -0600 |
commit | 230a83ece103c5294e24adcd164698eedbb3ac44 (patch) | |
tree | e995bddbb9fb8c8a4a1154b33e7961cda3bf0829 /Dockerfile.updater | |
parent | Revert "Add pgsql extension required to power the search." (diff) | |
download | soko-230a83ece103c5294e24adcd164698eedbb3ac44.tar.gz soko-230a83ece103c5294e24adcd164698eedbb3ac44.tar.bz2 soko-230a83ece103c5294e24adcd164698eedbb3ac44.zip |
Use kaniko instead of using docker itself

We're not running the runner with the ability to start privileged
docker containers, so we need to use something capable of working
without privileges.

"kaniko solves two problems with using the Docker-in-Docker build
method:
Docker-in-Docker requires privileged mode to function, which is a
significant security concern..."

Reference: https://docs.gitlab.com/ee/ci/docker/using_kaniko.html

Signed-off-by: John Helmert III <ajak@gentoo.org>
Diffstat (limited to 'Dockerfile.updater')
-rw-r--r-- | Dockerfile.updater | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/Dockerfile.updater b/Dockerfile.updater index 4ea0f8a..5a0f80d 100644 --- a/Dockerfile.updater +++ b/Dockerfile.updater @@ -17,9 +17,11 @@ RUN emerge --quiet-build dev-vcs/git RUN echo 'FEATURES="-userpriv -usersandbox -sandbox"' >> /etc/portage/make.conf RUN rm -rf /var/db/repos/gentoo +# We can't start from scratch and copy / due to: +# https://github.com/GoogleContainerTools/kaniko/issues/2033 +# FROM scratch +# COPY --from=gentoobuilder / / -FROM scratch -COPY --from=gentoobuilder / / COPY --from=builder /go/src/soko/assets /go/src/soko/assets COPY --from=builder /go/src/soko/bin /go/src/soko/bin COPY --from=builder /go/src/soko/pkg /go/src/soko/pkg |
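Review bot: With `FROM scratch` and `COPY --from=gentoobuilder / /` commented out, the three `COPY --from=builder ...` lines at the end of the hunk now land in the stage that ran the preceding `RUN` steps, so the final image is no longer a flattened copy and carries every earlier layer of that stage. One consequence is that `RUN rm -rf /var/db/repos/gentoo` only masks the tree in a later layer instead of shrinking the image, if the tree was populated in an earlier layer of this stage; consider doing that cleanup in the same `RUN` that creates the data. The commented-out instructions would also be clearer as a short TODO to restore the scratch stage once the linked kaniko issue 2033 is resolved, rather than as dead Dockerfile lines.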