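# Build stage: compiles the project with the Go toolchain from the pinned golang/alpine image.
# NOTE(review): the base image is pinned by tag only; a tag can be re-pushed upstream, so also
# pinning by digest would make this build input immutable.
FROM golang:1.23.5-alpine3.21 AS builder

# Build prerequisites. ca-certificates also provides the CA bundle under /etc/ssl in this stage.
RUN apk add --no-cache --no-progress ca-certificates gcc git make musl-dev

# The whole build context is copied in, so anything present in it (local credentials, .env
# files, editor state) ends up in this stage's layers and build cache. Keep such files out of
# the context with a .dockerignore.
COPY . /src

# Build metadata, provided to 'make install'.
# The note lives on its own line because Dockerfile syntax only recognises '#' as a comment at
# the start of a line; trailing text on an ARG line is parsed as further argument names.
ARG BININFO_BUILD_DATE BININFO_COMMIT_HASH BININFO_VERSION

# Installs into /pkg. GOTOOLCHAIN=local keeps Go on the toolchain shipped in the base image
# instead of fetching another one, and '-mod vendor' builds from the vendored dependencies
# (presumably forwarded to the go command by the Makefile - confirm there).
RUN make -C /src install PREFIX=/pkg GOTOOLCHAIN=local GO_BUILDFLAGS='-mod vendor'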
################################################################################
# Runtime stage: plain Alpine image that receives only the CA bundle and the installed
# artifacts from the builder stage; compiler, git and sources stay behind.
FROM alpine:3.21
# Dedicated unprivileged account with a fixed numeric UID/GID (4200), home /home/appuser and
# /sbin/nologin as shell; -D creates it without a password.
RUN addgroup -g 4200 appgroup \
&& adduser -h /home/appuser -s /sbin/nologin -G appgroup -D -u 4200 appuser
# upgrade all installed packages to fix potential CVEs in advance
# also remove apk package manager to hopefully remove dependency on OpenSSL 🤞
# NOTE(review): 'apk upgrade' installs whatever is current at build time, so two builds of the
# same commit can produce different images. With apk-tools and alpine-keys removed, nothing can
# be installed or patched inside the image afterwards; package fixes require a rebuild.
RUN apk upgrade --no-cache --no-progress \
&& apk del --no-cache --no-progress apk-tools alpine-keys alpine-release libc-utils
# CA certificates are taken from the builder stage, where the ca-certificates package was
# installed (presumably so the binary can verify TLS peers - confirm against its usage).
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs/
COPY --from=builder /etc/ssl/cert.pem /etc/ssl/cert.pem
# /pkg is the PREFIX that 'make install' wrote to in the builder stage; its tree is merged
# into /usr.
COPY --from=builder /pkg/ /usr/
# make sure all binaries can be executed
# A non-zero exit fails the build. stderr is discarded, so a failing run leaves no diagnostic
# in the build log. This step still runs as root; USER is only switched further down.
RUN hermescli --version 2>/dev/null
# ARG values are scoped per stage, so the build metadata is declared again for the LABEL below.
# Declaring it this late keeps the layers above cacheable when only the metadata changes.
ARG BININFO_BUILD_DATE BININFO_COMMIT_HASH BININFO_VERSION
# Image metadata: source location plus build date, commit and version under the
# org.opencontainers.image.* keys, for tracing an image back to what it was built from.
LABEL source_repository="https://github.com/sapcc/hermescli" \
org.opencontainers.image.url="https://github.com/sapcc/hermescli" \
org.opencontainers.image.created=${BININFO_BUILD_DATE} \
org.opencontainers.image.revision=${BININFO_COMMIT_HASH} \
org.opencontainers.image.version=${BININFO_VERSION}
# Run as the unprivileged account created above. The numeric UID:GID form lets a runtime check
# for a non-root user without resolving names in /etc/passwd.
USER 4200:4200
WORKDIR /home/appuser
# Exec form: the binary is started directly, without a wrapping shell.
ENTRYPOINT [ "/usr/bin/hermescli" ]