-
Notifications
You must be signed in to change notification settings - Fork 1.9k
/
Copy pathDockerfile.chiseled-ubuntu
51 lines (40 loc) · 1.33 KB
/
Dockerfile.chiseled-ubuntu
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
{{
set osVersionBase to match(OS_VERSION, ".+(?=.*-)")[0] ^
set osVersionNumber to split(OS_ARCH_HYPHENATED, "-")[1] ^
set username to "app" ^
set uid to 101 ^
set gid to uid
}}FROM {{ARCH_VERSIONED}}/golang:1.18 as chisel
RUN git clone --depth 1 -b main https://github.com/canonical/chisel /opt/chisel
WORKDIR /opt/chisel
RUN go generate internal/deb/version.go \
&& go build ./cmd/chisel
FROM {{ARCH_VERSIONED}}/ubuntu:{{osVersionBase}} as builder
RUN apt-get update && \
apt-get install -y ca-certificates
RUN {{InsertTemplate("Dockerfile.linux.distroless-user",
[
"staging-dir": "/rootfs",
"exclusive": "true",
"create-dir": "true",
"name": username,
"uid": uid,
"gid": gid,
"create-home": "true"
],
" ")}}
COPY --from=chisel /opt/chisel/chisel /usr/bin/
RUN chisel cut --release "ubuntu-{{osVersionNumber}}" --root /rootfs \
base-files_base \
ca-certificates_data \
libc6_libs \
libgcc-s1_libs \
libssl3_libs \
libstdc++6_libs \
zlib1g_libs
FROM scratch
COPY --from=builder /rootfs /
# Workaround for https://github.com/moby/moby/issues/38710
COPY --from=builder --chown={{uid}}:{{gid}} /rootfs/home/{{username}} /home/{{username}}
{{InsertTemplate("../Dockerfile.common-dotnet-envs")}}
USER app