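# Build stage: compiles the project's binaries and installs them under /pkg,
# which is the only path the runtime stage copies application files from.
# NOTE(review): image tags are mutable; pin the base by digest if the build
# must be reproducible and resistant to a re-pushed tag.
FROM golang:1.22.3-alpine3.19 AS builder

# Toolchain for 'make install'. /etc/ssl from this stage is later copied into
# the runtime image, so ca-certificates here determines the shipped CA bundle.
RUN apk add --no-cache --no-progress ca-certificates gcc git make musl-dev

# The entire build context is copied; .dockerignore is what keeps local
# credentials, .git and other stray files out of this stage.
COPY . /src

# provided to 'make install'
# (kept on its own line: Dockerfile comments are only recognised at the start
# of a line, so a trailing '# ...' on an ARG line is parsed as more ARG names)
ARG BININFO_BUILD_DATE BININFO_COMMIT_HASH BININFO_VERSION

# GOTOOLCHAIN=local and '-mod vendor' are handed to make; presumably they reach
# the go command, where they stop it from downloading another toolchain and
# make it build from the vendor/ directory instead of fetching modules.
RUN make -C /src install PREFIX=/pkg GOTOOLCHAIN=local GO_BUILDFLAGS='-mod vendor'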
################################################################################
# Runtime stage: a plain Alpine image that receives only the CA bundle and the
# installed binaries from the builder stage; no compiler or source is carried over.
# NOTE(review): the tag is mutable; pin by digest if reproducible images are required.
FROM alpine:3.19

# Dedicated unprivileged account with a fixed numeric UID/GID (4200) and no
# login shell; the USER instruction at the end switches to it.
RUN addgroup -g 4200 appgroup \
  && adduser -D -u 4200 -G appgroup -h /home/appuser -s /sbin/nologin appuser

# Upgrade all installed packages to pick up fixes published since the base
# image was built, then remove the package manager and its signing keys
# (intended to drop the dependency on OpenSSL).
# Caveats: the result depends on the repository state at build time, and the
# removed files still exist in the base image layer; only the final filesystem
# view and the package database change. Without apk, later fixes require
# rebuilding the image.
RUN apk upgrade --no-cache --no-progress \
  && apk del --no-cache --no-progress apk-tools alpine-keys

# CA certificates come from the builder stage, so TLS trust in this image is
# whatever that stage had installed.
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs/
COPY --from=builder /etc/ssl/cert.pem /etc/ssl/cert.pem

# Everything 'make install PREFIX=/pkg' produced is placed under /usr.
COPY --from=builder /pkg/ /usr/

# Build-time smoke test: the build fails if any shipped binary cannot be
# executed in this image. stderr is discarded, so a failure shows only as a
# non-zero exit status.
RUN doop-analyzer --version 2>/dev/null \
  && doop-api --version 2>/dev/null \
  && doop-image-checker --version 2>/dev/null \
  && helm-manifest-generator --version 2>/dev/null \
  && helm-manifest-parser --version 2>/dev/null

# ARG values do not cross stage boundaries, so they are declared again here
# for the labels. They end up in image metadata and must not carry secrets.
ARG BININFO_BUILD_DATE BININFO_COMMIT_HASH BININFO_VERSION
LABEL source_repository="https://github.com/sapcc/gatekeeper-addons" \
  org.opencontainers.image.url="https://github.com/sapcc/gatekeeper-addons" \
  org.opencontainers.image.created=${BININFO_BUILD_DATE} \
  org.opencontainers.image.revision=${BININFO_COMMIT_HASH} \
  org.opencontainers.image.version=${BININFO_VERSION}

# Numeric UID:GID rather than a name, so a runtime can verify the container is
# non-root without reading /etc/passwd.
USER 4200:4200
WORKDIR /home/appuser

# Exec form: the binary runs directly, without a wrapping shell.
ENTRYPOINT [ "/usr/bin/doop-analyzer" ]