From e044ee16ee04c0ca8d48d102b53be0a0d4603df6 Mon Sep 17 00:00:00 2001
From: Daniel W
Date: Thu, 22 Apr 2021 13:23:31 +1000
Subject: [PATCH] add linting, switch to su-exec
---
 .hadolint.yaml | 3 +++
 Dockerfile | 12 ++++++------
 Makefile | 4 ++++
 entrypoint.sh | 2 +-
 4 files changed, 14 insertions(+), 7 deletions(-)
 create mode 100644 .hadolint.yaml
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 0000000..a504ff7
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1,3 @@
+ignored:
+ - DL3013
+ - DL3018
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index a7905da..c109ad5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 FROM hashicorp/terraform:0.14.6
-MAINTAINER "Contino APAC "
+LABEL maintainer="Contino APAC "
 
 RUN apk add --update --no-cache \
 make \
@@ -7,16 +7,16 @@ RUN apk add --update --no-cache \
 python3 \
 py3-pip \
 jq && \
- pip3 install --upgrade pip && \
- pip3 install \
+ pip3 install --quiet --no-cache-dir --upgrade pip && \
+ pip3 install --quiet --no-cache-dir \
 google \
 google-api-python-client \
 google-auth \
 awscli
 
-# download and install gosu
-COPY --from=gosu/assets /opt/gosu /opt/gosu
-RUN /opt/gosu/gosu.install.sh && rm -fr /opt/gosu
+# install and test su-exec
+RUN apk add --update --no-cache su-exec && \
+ su-exec nobody true
 
 # use custom entrypoint to always use hosts user UID and GID
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
diff --git a/Makefile b/Makefile
index bc11557..e9d9f33 100644
--- a/Makefile
+++ b/Makefile
@@ -7,6 +7,10 @@ TAG = $(TERRAFORM_VERSION)
 build:
 docker build -t $(IMAGE_NAME) .
 
+.PHONY: lint
+lint:
+ docker run --rm -i -v $(dir $(abspath $(firstword $(MAKEFILE_LIST)))):/work --workdir=/work hadolint/hadolint < Dockerfile
+
 .PHONY: test
 test:
 docker run --rm -it --entrypoint="terraform" $(IMAGE_NAME) --version
diff --git a/entrypoint.sh b/entrypoint.sh
index 3a22f91..d2643da 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
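Review bot: Listing DL3013 and DL3018 under `ignored:` switches off hadolint's version-pinning checks for every `pip install` and `apk add` in the Dockerfile, including any added later, and the file gives no reason for it. If floating versions are intended, a comment above the list such as `# DL3013/DL3018: pip and apk package versions intentionally unpinned` would record the decision. A narrower option is an inline `# hadolint ignore=DL3018` directly above the specific RUN instruction, which leaves the rule active for the rest of the file. The new file also ends without a trailing newline.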
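Review bot: With `--quiet` added to both pip3 lines in the second Dockerfile hunk, the build log no longer shows which versions of `google`, `google-api-python-client`, `google-auth` and `awscli` were resolved, and none of them is pinned, so two builds of the same image tag can differ without leaving a trace. Either pin the packages (for example `awscli==<pinned-version>`, placeholder) or end the RUN with `pip3 list --format=freeze` so the resolved set is recorded at build time. The same applies to `apk add --update --no-cache su-exec` in the new su-exec RUN. Part of the first RUN instruction lies outside the hunk.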
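Review bot: The new `lint` recipe runs `hadolint/hadolint` with no tag, so the linter that checks the Dockerfile is whatever the default tag resolves to at run time; pinning a tag or digest, e.g. `hadolint/hadolint:<pinned-tag>` (placeholder), keeps the check reproducible. The bind mount is also writable and unquoted, although the container only needs to read `.hadolint.yaml`; `-v "$(dir $(abspath $(firstword $(MAKEFILE_LIST))))":/work:ro` mounts the checkout read-only and tolerates a path containing spaces. A short `## Lint the Dockerfile with hadolint` comment on the target would document what it does.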
@@ -20,5 +20,5 @@ else
 adduser -S -s /bin/bash -u "${USER_ID}" -G "${GROUP_NAME}" "${USER_NAME}"
 
 # run commands with new UID and GID
- exec gosu "${USER_NAME}" terraform "$@"
+ exec su-exec "${USER_NAME}" terraform "$@"
 fi
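Review bot: The comment above the new `exec su-exec` line promises a new UID and GID, but only the user name is passed, so the group comes implicitly from the passwd entry that `adduser -G "${GROUP_NAME}"` created. su-exec accepts a `user:group` spec, so `exec su-exec "${USER_NAME}:${GROUP_NAME}" terraform "$@"` states the intended group explicitly and, as far as I can tell, limits the process to that one group instead of the user's full group list. The `if` branch and the code that sets these variables are outside the hunk, so confirm `GROUP_NAME` is always set on this path.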