Add CI job to build rootless filebeat image

dnum-mi · Sep 8, 2023 · b953a17 · b953a17
1 parent 80ba589
commit b953a17
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/.github/workflows/build-filebeat-rootless.yml b/.github/workflows/build-filebeat-rootless.yml
@@ -0,0 +1,25 @@
+name: Build and push Filebeat rootless image
+
+on: workflow_dispatch
+
+jobs:
+  push_to_registry:
+    name: Push Docker image to Docker Hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+        with:
+          file: ./infra/filebeat.Dockerfile
+          push: true
+          tags: ghcr.io/datalab-mi/basegun/filebeat-rootless:6.5.4
diff --git a/infra/filebeat.Dockerfile b/infra/filebeat.Dockerfile
@@ -0,0 +1,7 @@
+FROM docker.io/elastic/filebeat:6.5.4
+USER root
+RUN ls
+RUN grep -rlw http /etc |while read i ;do sed -ri 's#\b80\b#8080#' ${i} ; sed -ri 's#\b443\b#6443#' ${i} ;done
+RUN find / -xdev -exec chmod -f -c g=u {} \; -exec chown -f -c 1001:root {} \; >/dev/null 2>&1
+RUN grep -w 1001 /etc/passwd ||echo "rootless:x:1001:0:root:/root:/bin/bash" >>/etc/passwd
+USER 1001