fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

.github/workflows/release.yml

@@ -127,30 +127,6 @@ jobs:
         tag_with_ref: true
         tag_with_sha: true
 
-  container-vulnerability-scan:
-    runs-on: ubuntu-18.04
-    needs: container-prod
-    steps:
-    - name: Source checkout
-      uses: actions/checkout@v2
-    - name: Generate Short SHA Container Tag
-      id: vars
-      run: echo "::set-output name=sha_short::SHA-$(git rev-parse --short HEAD)"
-    - name: Check outputs
-      run: echo ${{ steps.vars.outputs.sha_short }}
-    - name: Docker Login
-      run: docker login $REGISTRY -u $GITHUB_ACTOR -p $GITHUB_TOKEN
-    - uses: anchore/scan-action@master
-      with:
-        image-reference: "${{ env.REGISTRY }}/${{ github.repository }}:${{ steps.vars.outputs.sha_short }}"
-        dockerfile-path: "./build/docker/Dockerfile"
-        fail-build: false
-        acs-report-enable: true
-    - name: Upload Anchore Scan Report
-      uses: github/codeql-action/upload-sarif@v1
-      with:
-        sarif_file: results.sarif
-
   release:
     runs-on: ubuntu-18.04
     needs: [container-prod]

build/docker/Dockerfile

@@ -1,14 +1,14 @@
 # This Stage prepares the user in the container and copies the files
 FROM alpine:latest as prepare
 RUN adduser -D zitadel
-COPY .artifacts/zitadel-linux-amd64 /zitadel
+COPY .artifacts/zitadel-linux-amd64 /app/zitadel
-COPY cmd/zitadel/*.yaml /
+COPY cmd/zitadel/*.yaml /app/
-RUN chmod a+x /zitadel
+RUN chmod a+x /app/zitadel
 
 # This Stage is intended as production image
 FROM scratch as final
 COPY --from=prepare /etc/passwd /etc/passwd
-COPY --from=prepare / /
+COPY --from=prepare /app /
 USER zitadel
 HEALTHCHECK NONE
 ENTRYPOINT ["/zitadel"]