@@ -6,9 +6,17 @@ ARG GIT_VERSION=unknown
66ARG GIT_COMMIT=unknown
77ARG BUILD_DATE=unknown
88
9+ # Create a build directory owned by the build user (1001:0).
10+ # This avoids permission issues with rootless Podman where COPY
11+ # changes the working directory ownership to root.
12+ WORKDIR /build
13+ USER 0
14+ RUN chown 1001:0 /build
15+ USER 1001
16+
917# Copy the Go Modules manifests
10- COPY go.mod go.mod
11- COPY go.sum go.sum
18+ COPY --chown=1001:0 go.mod go.mod
19+ COPY --chown=1001:0 go.sum go.sum
1220# cache deps before building and copying source so that we don't need to re-download as much
1321# and so that source changes don't invalidate our downloaded layer
1422# Cache module downloads across builds
@@ -17,9 +25,9 @@ RUN --mount=type=cache,target=/opt/app-root/src/go/pkg/mod,sharing=locked,uid=10
1725 go mod download
1826
1927# Copy the go source
20- COPY cmd/ cmd/
21- COPY api/ api/
22- COPY internal/ internal/
28+ COPY --chown=1001:0 cmd/ cmd/
29+ COPY --chown=1001:0 api/ api/
30+ COPY --chown=1001:0 internal/ internal/
2331
2432# Build
2533# the GOARCH has not a default value to allow the binary be built according to the host where the command
@@ -41,8 +49,8 @@ RUN --mount=type=cache,target=/opt/app-root/src/go/pkg/mod,sharing=locked,uid=1
4149
4250FROM registry.access.redhat.com/ubi9/ubi-micro:9.8-1779858820@sha256:b498b3ea26111ab4b81d65139f2ebd2ef9a2abb7a4588b7fdcc54889f95e9caa
4351WORKDIR /
44- COPY --from=builder /opt/app-root/src /manager .
45- COPY --from=builder /opt/app-root/src /router .
52+ COPY --from=builder /build /manager .
53+ COPY --from=builder /build /router .
4654USER 65532:65532
4755
4856ENTRYPOINT ["/manager" ]
0 commit comments