From f8ef130370e47bc361833b41baa0ed7aa1f81bd2 Mon Sep 17 00:00:00 2001
From: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Date: Mon, 24 Oct 2022 19:22:03 -0500
Subject: [PATCH] :seedling: Distroless container (#982)

* :seedling: Distroless container

- Distroless containers

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Update Dockerfile

Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
---
 Dockerfile | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7f07a78b..40ae7f78 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,17 +35,6 @@ ARG TARGETOS
 ARG TARGETARCH
 RUN CGO_ENABLED=0 make build
 
-# TODO: use distroless:
-# FROM gcr.io/distroless/base:nonroot@sha256:02f667185ccf78dbaaf79376b6904aea6d832638e1314387c2c2932f217ac5cb
-FROM debian:11.5-slim@sha256:b46fc4e6813f6cbd9f3f6322c72ab974cc0e75a72ca02730a8861e98999875c7
-
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-    # For debugging.
-    jq ca-certificates curl
+FROM gcr.io/distroless/base:nonroot@sha256:99133cb0878bb1f84d1753957c6fd4b84f006f2798535de22ebf7ba170bbf434
 COPY --from=build /src/scorecard-action /
-
-# Copy a test policy for local testing.
-COPY policies/template.yml  /policy.yml
-
 ENTRYPOINT [ "/scorecard-action" ]