fix(dockerfile): copy file with proper permissions #746
Pull request overview
This PR attempts to fix file permissions in the Dockerfile by adding --chown flags to COPY commands and reordering instructions. However, the changes introduce a critical bug by placing the USER directive before copying the application files.
Key Changes:
- Reordered USER directive to execute before COPY commands (problematic)
- Added --chown=65532:65532 flags to COPY commands for explicit ownership
- Moved the "Add non-root user" comment after the USER directive
| # Run as non-root user | ||
| USER 65532:65532 | ||
|
|
||
| # Add non-root user | ||
| COPY --chmod=0755 --chown=65532:65532 $TARGETPLATFORM/sablier /bin/sablier | ||
| COPY --chmod=0644 --chown=65532:65532 build/sablier.yaml /etc/sablier/sablier.yaml | ||
|
|
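Review bot: On the two COPY lines, --chown=65532:65532 combined with --chmod=0755 and --chmod=0644 makes the runtime user the owner with write permission on /bin/sablier and /etc/sablier/sablier.yaml, so the process started under USER 65532:65532 can overwrite its own binary and configuration. Both modes already grant read access (and execute, for the binary) to other users, so leaving the files owned by root would keep them usable by UID 65532 without making them writable. If ownership by 65532 is required, state the reason in the comment above the COPY lines, which currently reads "# Add non-root user" and describes neither instruction.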
The USER directive is set before copying the application files. This means the container switches to a non-root user (65532:65532) before the necessary files (/bin/sablier and /etc/sablier/sablier.yaml) are available. This will cause the ENTRYPOINT to fail since /bin/sablier won't exist when the container runs.
The correct order should be:
- COPY the files first (with appropriate --chmod and --chown flags)
- Then set the USER directive
The original order in the diff (lines with '-' prefix) was correct.
| # Run as non-root user | |
| USER 65532:65532 | |
| # Add non-root user | |
| COPY --chmod=0755 --chown=65532:65532 $TARGETPLATFORM/sablier /bin/sablier | |
| COPY --chmod=0644 --chown=65532:65532 build/sablier.yaml /etc/sablier/sablier.yaml | |
| # Add non-root user | |
| COPY --chmod=0755 --chown=65532:65532 $TARGETPLATFORM/sablier /bin/sablier | |
| COPY --chmod=0644 --chown=65532:65532 build/sablier.yaml /etc/sablier/sablier.yaml | |
| # Run as non-root user | |
| USER 65532:65532 |
| # Run as non-root user | ||
| USER 65532:65532 | ||
|
|
||
| # Add non-root user |
The comment "Add non-root user" is misleading. The USER directive doesn't add a user; it switches the execution context to an existing user (UID 65532). Consider updating this comment to something like "# Copy application files" or "# Copy files with non-root ownership" to accurately describe what these COPY commands do.
| # Add non-root user | |
| # Copy files with non-root ownership |
✅ All tests successful. No failed tests were found.
Codecov Report: ✅ All modified and coverable lines are covered by tests.


Closes #745