[TT-17009] make Docker images backward compatible with runAsUser: 1000 #8104
+7
−2
probelabs / Visor: performance
succeeded
Apr 20, 2026 in 36s
✅ Check Passed (Warnings Found)
performance check passed. Found 1 warning, but fail_if condition was not met.
Details
📊 Summary
- Total Issues: 1
- Warning Issues: 1
🔍 Failure Condition Results
Passed Conditions
- global_fail_if: Condition passed
Issues by Category
Performance (1)
⚠️ ci/Dockerfile.distroless:14 - Thechmod -R a+rXcommand is executed for all builds, including FIPS builds where achown -Ris also performed. If the container for a FIPS build is run as user65532, which now owns the files, the global read/execute permissions fromchmodare likely redundant. This results in an unnecessary recursive filesystem traversal during the image build, slowing down the build process for FIPS images.
Powered by Visor from Probelabs
💡 TIP: You can chat with Visor using /visor ask <your question>
Annotations
Check warning on line 15 in ci/Dockerfile.distroless
probelabs / Visor: performance
performance Issue
The `chmod -R a+rX` command is executed for all builds, including FIPS builds where a `chown -R` is also performed. If the container for a FIPS build is run as user `65532`, which now owns the files, the global read/execute permissions from `chmod` are likely redundant. This results in an unnecessary recursive filesystem traversal during the image build, slowing down the build process for FIPS images.
Raw output
Restructure the logic to only apply the necessary permissions for each case. For FIPS builds (`NONROOT_CHOWN=true`), the `chown` command should be sufficient. For non-FIPS builds, the `chmod` is needed for compatibility. This avoids running two recursive filesystem operations when one is sufficient.
Loading