-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile
37 lines (28 loc) · 1.02 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# syntax=docker/dockerfile:1
## Build stage
FROM golang:1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 as build
RUN apk --no-cache add ca-certificates tzdata
RUN addgroup --gid 65532 kani && \
adduser --disabled-password --gecos "" \
--home "/etc/kani" --no-create-home \
-G kani --uid 65532 \
--shell="/sbin/nologin" \
kani
RUN mkdir -p /etc/kani/ && chown -R kani:kani /etc/kani/
WORKDIR /build/kani
COPY . .
RUN go mod download
RUN go mod verify
RUN GOOS=$(go env GOOS) GOARCH=$(go env GOARCH) CGO_ENABLED=0 GOGC=off \
go build -trimpath -ldflags "-s -w" -o /build/kani/dist/kani ./cmd/kani
## Run stage
FROM scratch
COPY --from=build /etc/group /etc/group
COPY --from=build /etc/passwd /etc/passwd
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=build /etc/kani /etc/kani
COPY --from=build /build/kani/dist/kani /bin/kani
USER kani:kani
WORKDIR /etc/kani/
ENTRYPOINT ["/bin/kani"]