Skip to content

Commit

Permalink
[Go SDK] Use distroless:debian12 (no-ssl) as base image. (#30011)
Browse files Browse the repository at this point in the history
* [Go SDK] Use distroless:debian12 (no-ssl) as base image.

* ws lint

* Update changes

* add space

---------

Co-authored-by: lostluck <[email protected]>
  • Loading branch information
lostluck and lostluck authored Feb 7, 2024
1 parent c72a9f8 commit a15dd7e
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 14 deletions.
1 change: 1 addition & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@

## Security Fixes
* Fixed (CVE-YYYY-NNNN)[https://www.cve.org/CVERecord?id=CVE-YYYY-NNNN] (Java/Python/Go) ([#X](https://github.com/apache/beam/issues/X)).
* Go SDK base container image moved to distroless/base-nossl-debian12, reducing vulnerable container surface to kernel and glibc ([#30011](https://github.com/apache/beam/pull/30011)).

## Known Issues

Expand Down
15 changes: 1 addition & 14 deletions sdks/go/container/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -16,30 +16,17 @@
# limitations under the License.
###############################################################################

FROM debian:bookworm
FROM gcr.io/distroless/base-nossl-debian12:latest
LABEL Author "Apache Beam <[email protected]>"

ARG TARGETOS
ARG TARGETARCH

ARG pull_licenses

RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
ca-certificates \
&& \
rm -rf /var/lib/apt/lists/*

ADD target/${TARGETOS}_${TARGETARCH}/boot /opt/apache/beam/

COPY target/LICENSE /opt/apache/beam/
COPY target/NOTICE /opt/apache/beam/

# Add Go licenses.
COPY target/go-licenses/* /opt/apache/beam/third_party_licenses/golang/
RUN if [ "$pull_licenses" = "false" ] ; then \
# Remove above golang license and dir if pull licenses false
rm -rf /opt/apache/beam/third_party_licenses ; \
fi

ENTRYPOINT ["/opt/apache/beam/boot"]

0 comments on commit a15dd7e

Please sign in to comment.