Skip to content

feat: Use setpriv and rm gosu, use newer toolchain with dasel#858

Draft
devanbenz wants to merge 10 commits intomasterfrom
db/865/binary-cleanup
Draft

feat: Use setpriv and rm gosu, use newer toolchain with dasel#858
devanbenz wants to merge 10 commits intomasterfrom
db/865/binary-cleanup

Conversation

@devanbenz
Copy link
Copy Markdown
Contributor

@devanbenz devanbenz commented Mar 30, 2026

No description provided.

@devanbenz devanbenz requested a review from Copilot March 30, 2026 18:37
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the InfluxDB 2.8 container images to remove gosu/su-exec and switch to setpriv for dropping root privileges, while changing how dasel is provided (built during image build rather than downloaded as a release artifact).

Changes:

  • Replace gosu/su-exec with setpriv in both Debian and Alpine entrypoints.
  • Add setpriv runtime dependencies (util-linux on Debian, setpriv package on Alpine) and remove the gosu install block.
  • Build and copy dasel via a Go builder stage instead of downloading + SHA256-verifying release binaries.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
influxdb/2.8/entrypoint.sh Switch root step-down mechanism from gosu to setpriv.
influxdb/2.8/Dockerfile Remove gosu, add util-linux for setpriv, and build dasel via Go builder stage.
influxdb/2.8/alpine/entrypoint.sh Switch root step-down mechanism from su-exec to setpriv.
influxdb/2.8/alpine/Dockerfile Remove su-exec, add setpriv, and build dasel via Go builder stage.
Comments suppressed due to low confidence (1)

influxdb/2.8/alpine/Dockerfile:23

  • The previous dasel install step included a build-time smoke test (dasel --version). With the new COPY --from=dasel-builder approach, consider adding a simple version/executable check after the COPY so broken builder outputs are caught during image build rather than at runtime.
# Install dasel for configuration parsing, built with a current Go toolchain.
COPY --from=dasel-builder /go/bin/dasel /usr/local/bin/dasel

RUN addgroup -S -g 1000 influxdb && \
    adduser -S -G influxdb -u 1000 -h /home/influxdb -s /bin/sh influxdb && \
    mkdir -p /home/influxdb && \
    chown -R influxdb:influxdb /home/influxdb

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@devanbenz devanbenz requested a review from Copilot March 30, 2026 19:10
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

devanbenz and others added 6 commits March 30, 2026 14:41
@devanbenz
feat: use v3 of dasel
efdc55b
@devanbenz
feat: add check for filesystem path
a04cf26 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@devanbenz
feat: safety check for filepath
4c2d271 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@devanbenz
feat: Fix envvar
219256a
@devanbenz
feat: Merge branch 'db/865/binary-cleanup' of github.com:influxdata/i…
d1c6984 
…nfluxdata-docker into db/865/binary-cleanup
@devanbenz
Merge branch 'master' into db/865/binary-cleanup
04ec0bf
@devanbenz devanbenz requested a review from Copilot March 31, 2026 20:16
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@devanbenz
feat: Apply suggestions from code review
340ada3 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@devanbenz