From 4fafd1afefc08ab7ebaeac4d554b9b7d2d72d22a Mon Sep 17 00:00:00 2001 From: Wilson Husin Date: Wed, 17 Feb 2021 19:49:22 -0800 Subject: [PATCH] Use distroless to build Conformance image In order to avoid noisy / false positive CVE image scanning, Conformance image is now be built based on Distroless. Signed-off-by: Wilson Husin --- cluster/images/conformance/Dockerfile | 9 +++++++-- cluster/images/conformance/Makefile | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/cluster/images/conformance/Dockerfile b/cluster/images/conformance/Dockerfile index f1f79d26519..05ce828875e 100644 --- a/cluster/images/conformance/Dockerfile +++ b/cluster/images/conformance/Dockerfile @@ -14,12 +14,17 @@ ARG BASEIMAGE +FROM gcr.io/k8s-staging-build-image/debian-base:v2.1.3 as base + FROM ${BASEIMAGE} +# This is a dependency for `kubectl diff` tests +COPY --from=base /usr/bin/diff /usr/local/bin/ + COPY ginkgo /usr/local/bin/ COPY e2e.test /usr/local/bin/ COPY kubectl /usr/local/bin/ -COPY run_e2e.sh /run_e2e.sh +COPY gorunner /run_e2e.sh COPY gorunner /gorunner COPY cluster /kubernetes/cluster WORKDIR /usr/local/bin @@ -32,4 +37,4 @@ ENV E2E_VERBOSITY="4" ENV RESULTS_DIR="/tmp/results" ENV KUBECONFIG="" -CMD [ "/bin/bash", "-c", "/run_e2e.sh" ] +CMD [ "/gorunner" ] diff --git a/cluster/images/conformance/Makefile b/cluster/images/conformance/Makefile index fa7e523db88..fbda4feef8b 100644 --- a/cluster/images/conformance/Makefile +++ b/cluster/images/conformance/Makefile @@ -31,7 +31,7 @@ E2E_GO_RUNNER_BIN?=$(shell test -f $(LOCAL_OUTPUT_PATH)/go-runner && echo $(LOCA CLUSTER_DIR?=$(shell pwd)/../../../cluster/ -BASEIMAGE=debian:stable-slim +BASEIMAGE=gcr.io/distroless/base:nonroot TEMP_DIR:=$(shell mktemp -d -t conformanceXXXXXX) all: build
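Review bot: The new first stage, `FROM gcr.io/k8s-staging-build-image/debian-base:v2.1.3 as base`, hard-codes a tag-only reference to a registry path named as staging, while the final stage's base is an `ARG`; the `diff` binary copied out of it is only as reproducible as that mutable tag. Consider parameterising and digest-pinning it next to `ARG BASEIMAGE`, e.g. `ARG DIFF_BASEIMAGE=gcr.io/k8s-staging-build-image/debian-base:v2.1.3@sha256:<digest-placeholder>` followed by `FROM ${DIFF_BASEIMAGE} AS base`. `/usr/bin/diff` is copied on its own, so it presumably relies on shared libraries already present in the final base image; a comment saying so would help whoever changes either image. `COPY gorunner /run_e2e.sh` puts the Go binary at a path with a `.sh` name and deserves a comment such as `# Kept for callers that still invoke /run_e2e.sh; this image has no shell`, if that is the intent.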
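Review bot: `CMD [ "/gorunner" ]` now runs as whatever user the base image sets (the Makefile hunk of this patch selects the `nonroot` tag), yet nothing visible here ensures that `RESULTS_DIR="/tmp/results"` is writable by that user. If a harness mounts a volume at that path it may be root-owned, so writing results could fail; I cannot confirm this from the hunk, and it is worth testing with a mounted results directory. A comment above `CMD` such as `# Runs as the base image's non-root user; RESULTS_DIR must be writable by it` would record the requirement. Because the distroless base ships no shell, any caller that overrides the command with `/bin/bash -c ...` will also stop working, which the same comment could mention.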
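Review bot: `BASEIMAGE=gcr.io/distroless/base:nonroot` is a floating tag, so two builds of the same commit can produce different images and a scan result cannot be tied to a known base. The previous `debian:stable-slim` was floating too, so this is not a regression, but since the stated goal is cleaner CVE scanning, pinning would make that result repeatable: `BASEIMAGE=gcr.io/distroless/base:nonroot@sha256:<digest-placeholder>`. A short comment above the variable noting that this base has no shell or package manager would also help anyone debugging the conformance container.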