add linting, switch to su-exec

.hadolint.yaml

@@ -0,0 +1,3 @@
+ignored:
+  - DL3013
+  - DL3018

Dockerfile

@@ -1,22 +1,22 @@
 FROM hashicorp/terraform:0.14.6
-MAINTAINER "Contino APAC <delivery.au@contino.io>"
+LABEL maintainer="Contino APAC <delivery.au@contino.io>"
 
 RUN apk add --update --no-cache \
         make \
         bash \
         python3 \
         py3-pip \
         jq && \
-    pip3 install --upgrade pip && \
-    pip3 install \
+    pip3 install --quiet --no-cache-dir --upgrade pip && \
+    pip3 install --quiet --no-cache-dir \
         google \
         google-api-python-client \
         google-auth \
         awscli
 
-# download and install gosu
-COPY --from=gosu/assets /opt/gosu /opt/gosu
-RUN /opt/gosu/gosu.install.sh && rm -fr /opt/gosu
+# install and test su-exec
+RUN apk add --update --no-cache su-exec && \
+    su-exec nobody true
 
 # use custom entrypoint to always use hosts user UID and GID
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh

Makefile

@@ -7,6 +7,10 @@ TAG = $(TERRAFORM_VERSION)
 build:
 	docker build -t $(IMAGE_NAME) .
 
+.PHONY: lint
+lint:
+	docker run --rm -i -v $(dir $(abspath $(firstword $(MAKEFILE_LIST)))):/work --workdir=/work hadolint/hadolint < Dockerfile
+
 .PHONY: test
 test:
 	docker run --rm -it --entrypoint="terraform" $(IMAGE_NAME) --version

entrypoint.sh

@@ -20,5 +20,5 @@ else
   adduser -S -s /bin/bash -u "${USER_ID}" -G "${GROUP_NAME}" "${USER_NAME}"
 
   # run commands with new UID and GID
-  exec gosu "${USER_NAME}" terraform "$@"
+  exec su-exec "${USER_NAME}" terraform "$@"
 fi