release: v0.7.10

[SoulPancake]

Reverts #617

Summary by CodeRabbit

• Chores
  • Updated Docker image build configuration.

[coderabbitai]

Walkthrough

The Docker base image in .goreleaser.Dockerfile is changed from gcr.io/distroless/static:nonroot to scratch. The container's copy and entrypoint directives remain unchanged.

Changes

Cohort / File(s)	Summary
Docker Configuration .goreleaser.Dockerfile	Base image changed from gcr.io/distroless/static:nonroot to scratch.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• fix: Add CA certificates to Docker image #617: Reverses the Docker base image change by switching back from scratch to gcr.io/distroless/static:nonroot in the same Dockerfile.

Suggested reviewers

• curfew-marathon

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The pull request title 'release: v0.7.10' does not accurately describe the primary change, which is reverting a previous fix that added CA certificates to the Docker image.	Update the title to reflect the main change, such as 'revert: fix: Add CA certificates to Docker image' or 'Revert PR #617: revert distroless base image change' to clearly indicate this is a revert commit.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch revert-617-fix-releaser-dockerfile

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dosubot]

Related Documentation

Checked 8 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}  

[Copilot]

Pull request overview

This PR reverts PR #617 by switching the GoReleaser-built Docker image back to a minimal scratch base, effectively undoing the previous change that introduced a base image with CA certificates.

Changes:

• Change the release Docker image base from gcr.io/distroless/static:nonroot to scratch.
• Keep the image contents minimal (copy fga binary, set entrypoint).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.goreleaser.Dockerfile:
- Line 1: The Dockerfile currently uses "FROM scratch" which removes system CA
certificates and user metadata causing TLS failures (x509 unknown authority) and
the container to run as root; fix by either restoring the distroless nonroot
base used before or copy only the CA bundle and a minimal passwd entry from the
build stage into the final image and set a non-root UID; specifically, in the
Dockerfile adjust the final stage that currently uses FROM scratch to (a) use
the distroless nonroot base image OR (b) COPY /etc/ssl/certs/ca-certificates.crt
(or the system cert bundle) and a minimal /etc/passwd entry from the builder
stage into the final image and add a USER directive so the fga binary runs as a
non-root user.