RE1-T119 Migrating to Docker Hardened Images

Web/Resgrid.Web.Eventing/Dockerfile

@@ -1,12 +1,14 @@
 #See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
 ARG BUILD_VERSION=3.5.0
 
-FROM mcr.microsoft.com/dotnet/aspnet:9.0.3-noble-amd64 AS base
+#FROM mcr.microsoft.com/dotnet/runtime:9.0.3-noble-amd64 AS base
+FROM dhi.io/dotnet:9.0.16-debian13 AS base
 ARG BUILD_VERSION
 WORKDIR /app
 EXPOSE 80
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+#FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+FROM dhi.io/dotnet:9.0.314-sdk-debian13 AS build
 ARG BUILD_VERSION
 WORKDIR /src
 COPY ["Web/Resgrid.Web.Eventing/Resgrid.Web.Eventing.csproj", "Web/Resgrid.Web.Eventing/"]
@@ -24,12 +26,11 @@ WORKDIR "/src/Web/Resgrid.Web.Eventing"
 FROM build AS publish
 ARG BUILD_VERSION
 RUN dotnet publish "Resgrid.Web.Eventing.csproj" -c Release -o /app/publish  -p:Version=${BUILD_VERSION}
+ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait /app/publish/wait
+RUN chmod +x /app/publish/wait
 
 FROM base AS final
-## Add the wait script to the image
-ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait wait
-RUN chmod +x wait
-
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["sh", "-c", "./wait && dotnet Resgrid.Web.Eventing.dll"]
+ENTRYPOINT ["./wait"]
+CMD ["dotnet", "Resgrid.Web.Eventing.dll"]

Web/Resgrid.Web.Mcp/Dockerfile

@@ -2,12 +2,14 @@
 
 ARG BUILD_VERSION=3.5.0
 
-FROM mcr.microsoft.com/dotnet/aspnet:9.0.3-noble-amd64 AS base
+#FROM mcr.microsoft.com/dotnet/runtime:9.0.3-noble-amd64 AS base
+FROM dhi.io/dotnet:9.0.16-debian13 AS base
 ARG BUILD_VERSION
 WORKDIR /app
 EXPOSE 8080
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+#FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+FROM dhi.io/dotnet:9.0.314-sdk-debian13 AS build
 ARG BUILD_VERSION
 WORKDIR /src
 COPY ["Web/Resgrid.Web.Mcp/Resgrid.Web.Mcp.csproj", "Web/Resgrid.Web.Mcp/"]
@@ -35,13 +37,11 @@ WORKDIR "/src/Web/Resgrid.Web.Mcp"
 FROM build AS publish
 ARG BUILD_VERSION
 RUN dotnet publish "Resgrid.Web.Mcp.csproj" -c Release -o /app/publish -p:Version=${BUILD_VERSION}
+ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait /app/publish/wait
+RUN chmod +x /app/publish/wait
 
 FROM base AS final
-## Add the wait script to the image
-ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait wait
-RUN chmod +x wait
-
 WORKDIR /app
 COPY --from=publish /app/publish .
-
-ENTRYPOINT ["sh", "-c", "./wait && dotnet Resgrid.Web.Mcp.dll"]
+ENTRYPOINT ["./wait"]
+CMD ["dotnet", "Resgrid.Web.Mcp.dll"]

Web/Resgrid.Web.Services/Dockerfile

@@ -2,12 +2,14 @@
 
 ARG BUILD_VERSION=3.5.0
 
-FROM mcr.microsoft.com/dotnet/aspnet:9.0.3-noble-amd64 AS base
+#FROM mcr.microsoft.com/dotnet/runtime:9.0.3-noble-amd64 AS base
+FROM dhi.io/dotnet:9.0.16-debian13 AS base
 ARG BUILD_VERSION
 WORKDIR /app
 EXPOSE 80
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+#FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+FROM dhi.io/dotnet:9.0.314-sdk-debian13 AS build
 ARG BUILD_VERSION
 WORKDIR /src
 COPY ["Web/Resgrid.Web.Services/Resgrid.Web.Services.csproj", "Web/Resgrid.Web.Services/"]
@@ -35,12 +37,11 @@ WORKDIR "/src/Web/Resgrid.Web.Services"
 FROM build AS publish
 ARG BUILD_VERSION
 RUN dotnet publish "Resgrid.Web.Services.csproj" -c Release -o /app/publish -p:Version=${BUILD_VERSION}
+ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait /app/publish/wait
+RUN chmod +x /app/publish/wait
 
 FROM base AS final
-## Add the wait script to the image
-ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait wait
-RUN chmod +x wait
-
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["sh", "-c", "./wait && dotnet Resgrid.Web.Services.dll"]
+ENTRYPOINT ["./wait"]
+CMD ["dotnet", "Resgrid.Web.Services.dll"]

Web/Resgrid.Web.Tts/Dockerfile

@@ -1,11 +1,13 @@
 ARG BUILD_VERSION=3.5.0
 
-FROM mcr.microsoft.com/dotnet/aspnet:9.0.3-noble-amd64 AS base
+#FROM mcr.microsoft.com/dotnet/runtime:9.0.3-noble-amd64 AS base
+FROM dhi.io/dotnet:9.0.16-debian13 AS base
 ARG BUILD_VERSION
 WORKDIR /app
 EXPOSE 8080
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+#FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+FROM dhi.io/dotnet:9.0.314-sdk-debian13 AS build
 ARG BUILD_VERSION
 WORKDIR /src
 
@@ -64,4 +66,4 @@ COPY --from=build /app/publish .
 
 ENV ASPNETCORE_URLS=http://+:8080
 USER appuser
-ENTRYPOINT ["dotnet", "Resgrid.Web.Tts.dll"]
+ENTRYPOINT ["dotnet", "Resgrid.Web.Tts.dll"]

Web/Resgrid.Web/Dockerfile

@@ -1,13 +1,15 @@
 #See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
 ARG BUILD_VERSION=3.5.0
 
-FROM mcr.microsoft.com/dotnet/aspnet:9.0.3-noble-amd64 AS base
+#FROM mcr.microsoft.com/dotnet/aspnet:9.0.3-noble-amd64 AS base
+FROM dhi.io/aspnetcore:9.0.16-debian13 AS base
 ARG BUILD_VERSION
 WORKDIR /app
 EXPOSE 80
 
 #FROM node:18.19-alpine3.19 AS node_base
-FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+#FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+FROM dhi.io/dotnet:9.0.314-sdk-debian13 AS build
 #RUN apt-get update && apt-get install nodejs
 #COPY --from=node_base . .
 #COPY --from=node_base /usr/lib /usr/lib
@@ -52,12 +54,12 @@ ENV PATH="${PATH}:/root/.dotnet/tools"
 RUN for i in 1 2 3; do libman restore && break || { echo "libman restore attempt $i failed, retrying..."; sleep 10; }; done
 ENV SKIP_LIBMAN_RESTORE=1
 RUN dotnet publish "Resgrid.Web.csproj" -c Release -o /app/publish -p:Version=${BUILD_VERSION}
+## Download the wait script in the build stage where a shell is available
+ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait /app/publish/wait
+RUN chmod +x /app/publish/wait
 
 FROM base AS final
-## Add the wait script to the image
-ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait wait
-RUN chmod +x wait
-
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["sh", "-c", "./wait && dotnet Resgrid.Web.dll"]
+ENTRYPOINT ["./wait"]
+CMD ["dotnet", "Resgrid.Web.dll"]

Workers/Resgrid.Workers.Console/Dockerfile

@@ -1,11 +1,13 @@
 #See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
 ARG BUILD_VERSION=3.5.0
 
-FROM mcr.microsoft.com/dotnet/runtime:9.0.3-noble-amd64 AS base
+#FROM mcr.microsoft.com/dotnet/runtime:9.0.3-noble-amd64 AS base
+FROM dhi.io/dotnet:9.0.16-debian13 AS base
 ARG BUILD_VERSION
 WORKDIR /app
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+#FROM mcr.microsoft.com/dotnet/sdk:9.0.202-noble-amd64 AS build
+FROM dhi.io/dotnet:9.0.314-sdk-debian13 AS build
 ARG BUILD_VERSION
 WORKDIR /src
 
@@ -35,11 +37,10 @@ WORKDIR "/src/Workers/Resgrid.Workers.Console"
 FROM build AS publish
 ARG BUILD_VERSION
 RUN dotnet publish "Resgrid.Workers.Console.csproj" -c Release -o /app/publish -p:Version=${BUILD_VERSION}
+ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait /app/publish/wait
+RUN chmod +x /app/publish/wait
 
 FROM base AS final
-## Add the wait script to the image
-ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.9.0/wait wait
-RUN chmod +x wait
 
 WORKDIR /app
 
@@ -65,4 +66,5 @@ RUN set -xe \
 
 COPY --from=publish /app/publish .
 
-ENTRYPOINT ["sh", "-c", "./wait && dotnet Resgrid.Workers.Console.dll"]
+ENTRYPOINT ["./wait"]
+CMD ["dotnet", "Resgrid.Workers.Console.dll"]