Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(docker): specify user for runner stage #7641

Merged
merged 4 commits into from
Mar 27, 2025
Merged

build(docker): specify user for runner stage #7641

merged 4 commits into from
Mar 27, 2025

Conversation

pixincreate
Copy link
Member

@pixincreate pixincreate commented Mar 26, 2025
edited
Loading

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

This PR modifies the Dockerfile to specify the user at runner stage.

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

From the security perspective, it is better to be a user rather than being a root.
Closes #7643

How did you test it?

build succeeded (tested by making a debug build):

image

podman build \
    --load \
    --file Dockerfile \
    --build-arg "BINARY=router" \
    --tag hyperswitch-router \
    .

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@pixincreate pixincreate added A-infra Area: Infrastructure S-waiting-on-review Status: This PR has been implemented and needs to be reviewed labels Mar 26, 2025
@pixincreate pixincreate added this to the March 2025 Release milestone Mar 26, 2025
@pixincreate pixincreate self-assigned this Mar 26, 2025
@semanticdiff-com SemanticDiff.com
Copy link

Review changes with  SemanticDiff

@pixincreate pixincreate marked this pull request as ready for review March 26, 2025 11:25
@pixincreate pixincreate requested a review from a team as a code owner March 26, 2025 11:25
@pixincreate pixincreate requested a review from Chethan-rao March 26, 2025 11:29
@pixincreate pixincreate force-pushed the dockerfile-add-user branch from 4c46d59 to 33a9fa9 Compare March 26, 2025 18:20
@pixincreate pixincreate force-pushed the dockerfile-add-user branch 3 times, most recently from 5e68f3c to 3b07997 Compare March 26, 2025 19:04
@pixincreate pixincreate force-pushed the dockerfile-add-user branch from 3b07997 to 1ceb359 Compare March 26, 2025 19:05
@SanchithHegde SanchithHegde added this pull request to the merge queue Mar 27, 2025
@SanchithHegde SanchithHegde removed the S-waiting-on-review Status: This PR has been implemented and needs to be reviewed label Mar 27, 2025
Merged via the queue into main with commit ce3f249 Mar 27, 2025
17 of 20 checks passed
@SanchithHegde SanchithHegde deleted the dockerfile-add-user branch March 27, 2025 09:20
pixincreate added a commit that referenced this pull request Mar 27, 2025
@pixincreate
Merge branch 'main' of github.com:juspay/hyperswitch into ci/pm_activ…
f50ffab 
…e-status-check

* 'main' of github.com:juspay/hyperswitch:
  build(docker): specify user for runner stage (#7641)
  chore(version): 2025.03.27.0
  fix(connector): [Nexixpay] update status mapping nexixpay (#7612)
  refactor(connector): [TrustPay] Fix status and wasm changes  (#7649)
  fix(connector): [redsys] psync transaction type mapping (#7628)
  feat(themes): Add email configuration support for themes (#7580)
  feat(core): add profile level config for debit routing feature (#7470)
  fix(connector): [CYBERSOURCE]  change ucaf_collection_indicator for mastercard payments via netcetera (#7623)
  fix(connector): fix required fields for mandates supported connectors (#6930)
  chore(cypress): bump cypress to `v14.2.0` (#7640)
  feat(connector): [BRAINTREE] Pass connector request reference id (#7609)
  fix(connector): [GlobalPay] Address `5xx` when cancelling a paypal transaction (#7605)
  feat(dashboard_metadata): Add `ReconStatus` in `dashboard_metadata` (#7595)
  fix(connectors): [Adyen] remove redundant enums  (#7601)
  feat: add routing support for v2 sdk session flow (#6763)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SanchithHegde SanchithHegde SanchithHegde approved these changes

@ShankarSinghC ShankarSinghC ShankarSinghC approved these changes

@Chethan-rao Chethan-rao Awaiting requested review from Chethan-rao

Assignees

@pixincreate pixincreate

Labels
A-infra Area: Infrastructure
Projects
None yet
Milestone
March 2025 Release
Development

Successfully merging this pull request may close these issues.

[Docker] Change user to non-privileged one before running binary
3 participants
@pixincreate @SanchithHegde @ShankarSinghC