{"id":22685845,"url":"https://github.com/hellodword/distroless-all","last_synced_at":"2026-02-13T12:45:24.388Z","repository":{"id":265801453,"uuid":"815731486","full_name":"hellodword/distroless-all","owner":"hellodword","description":null,"archived":false,"fork":false,"pushed_at":"2024-06-16T04:20:19.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-12T02:57:28.313Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hellodword.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-16T01:22:57.000Z","updated_at":"2024-06-19T06:02:45.000Z","dependencies_parsed_at":"2024-12-01T01:43:16.186Z","dependency_job_id":null,"html_url":"https://github.com/hellodword/distroless-all","commit_stats":null,"previous_names":["hellodword/distroless-all"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hellodword/distroless-all","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellodword%2Fdistroless-all","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellodword%2Fdistroless-all/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellodword%2Fdistroless-all/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellodword%2Fdistroless-all/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hellodword","download_url":"https://codeload.github.com/hellodword/distroless-all/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellodword%2Fdistroless-all/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274850516,"owners_count":25361370,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-12T02:00:09.324Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-09T22:17:49.885Z","updated_at":"2026-02-13T12:45:19.342Z","avatar_url":"https://github.com/hellodword.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# distroless-all\n\n## Tips\n\n1. `nonroot` UID/GID 65532: https://github.com/GoogleContainerTools/distroless/blob/64ac73c84c72528d574413fb246161e4d7d32248/common/variables.bzl#L18\n\n```dockerfile\nENV USER=nonroot\nENV UID=65532\n\nRUN addgroup \\\n      --gid $UID \\\n      $USER \u0026\u0026 \\\n    adduser \\\n      --disabled-password \\\n      --gecos \"\" \\\n      --home \"/nonexistent\" \\\n      --shell \"/sbin/nologin\" \\\n      --no-create-home \\\n      --uid \"${UID}\" \\\n      --ingroup $USER \\\n      \"${USER}\"\n\n# ...\n\nRUN chown -R nonroot:nonroot /opt/var/cache\n```\n\n2. COPY executable files from normal builder to distroless image, consider about dependencies, r/w directories, required system files:\n\n```dockerfile\n# https://github.com/kyos0109/nginx-distroless/blob/4fa36b8c066303f34e490aad7b407d447ade4b7d/Dockerfile\nFROM nginx as base\n\n# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones\nARG TIME_ZONE\n\nRUN sed -i -E 's/(listen[ ]+)80;/\\18080;/' /etc/nginx/conf.d/default.conf\n\nRUN mkdir -p /opt/bin /opt/etc /opt/usr/bin /opt/var/cache/nginx \u0026\u0026 \\\n    cp /usr/share/zoneinfo/${TIME_ZONE:-UTC} /opt/etc/localtime \u0026\u0026 \\\n    cp -a --parents /etc/passwd /opt \u0026\u0026 \\\n    cp -a --parents /etc/group /opt \u0026\u0026 \\\n    cp -aL --parents /var/run /opt \u0026\u0026 \\\n    cp -a --parents /usr/lib/nginx /opt \u0026\u0026 \\\n    cp -a --parents /usr/share/nginx /opt \u0026\u0026 \\\n    cp -a --parents /var/log/nginx /opt \u0026\u0026 \\\n    cp -a --parents /etc/nginx /opt \u0026\u0026 \\\n    cp -a --parents \"$(which nginx)\" /opt \u0026\u0026 \\\n    ldd \"$(which nginx)\" | grep -oP '(?\u003c==\u003e )/lib/[^ ]+\\.so' | xargs -I {} bash -xc 'cp -a --parents {}* /opt' \u0026\u0026 \\\n    cp -a --parents \"$(which nginx-debug)\" /opt \u0026\u0026 \\\n    ldd \"$(which nginx-debug)\" | grep -oP '(?\u003c==\u003e )/lib/[^ ]+\\.so' | xargs -I {} bash -xc 'cp -a --parents {}* /opt' \u0026\u0026 \\\n    true\n\nRUN chown -R nonroot:nonroot /opt/var/cache /opt/var/run\n\nRUN touch /opt/var/run/nginx.pid \u0026\u0026 \\\n    chown -R nonroot:nonroot /opt/var/run/nginx.pid\n\nFROM gcr.io/distroless/base-debian12:nonroot\n\nCOPY --from=base /opt /\n\nEXPOSE 8080 8443\n\nENTRYPOINT [\"/usr/sbin/nginx\", \"-g\", \"daemon off;\"]\n```\n\n## healthcheck\n\n\u003e https://github.com/GoogleContainerTools/distroless/issues/183\n\n1. Use the runtime in the distroless image:\n\n\u003e https://github.com/GoogleContainerTools/distroless/issues/1350#issuecomment-1619276371  \n\u003e https://www.mattknight.io/blog/docker-healthchecks-in-distroless-node-js\n\n```yaml\nhealthcheck:\n  test:\n    [\n      \"CMD\",\n      \"node\",\n      \"-e\",\n      \"require('http').get('http://localhost:3000/api/profile', (r) =\u003e {if (r.statusCode !== 200) throw new Error(r.statusCode)})\",\n    ]\n```\n\n2. embed the healthcheck to the PID 1, Go for example:\n\n```go\n\thealthcheck := flag.String(\"healthcheck\", \"\", \"http://1.example.org,http://2.example.org\")\n\tflag.Parse()\n\tif *healthcheck != \"\" {\n\t\thttp.DefaultClient.Timeout = time.Second\n\t\tfor _, healhealthcheckURL := range strings.Split(*healthcheck, \",\") {\n\t\t\tif healhealthcheckURL == \"\" {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif _, err := http.Get(healhealthcheckURL); err != nil {\n\t\t\t\tos.Exit(1)\n\t\t\t}\n\t\t}\n\t\tos.Exit(0)\n\t}\n```\n\n3. import a third-party tiny executable\n\n\u003e https://github.com/GoogleContainerTools/distroless/issues/183#issuecomment-1483015906\n\n```dockerfile\nFROM busybox AS builder\n\nARG BUSYBOX_VERSION=1.31.0-i686-uclibc\nADD https://busybox.net/downloads/binaries/$BUSYBOX_VERSION/busybox_WGET /wget\nRUN chmod a+x /wget\n\nFROM gcr.io/distroless/java\n\nCOPY --from=builder /wget /usr/bin/wget\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhellodword%2Fdistroless-all","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhellodword%2Fdistroless-all","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhellodword%2Fdistroless-all/lists"}