-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathDockerfile
39 lines (30 loc) · 1.72 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
FROM golang:1.24.0-alpine3.21 AS builder
RUN apk add --no-cache --no-progress ca-certificates gcc git make musl-dev
COPY . /src
ARG BININFO_BUILD_DATE BININFO_COMMIT_HASH BININFO_VERSION # provided to 'make install'
RUN make -C /src install PREFIX=/pkg GOTOOLCHAIN=local GO_BUILDFLAGS='-mod vendor'
################################################################################
FROM alpine:3.21
RUN addgroup -g 4200 appgroup \
&& adduser -h /home/appuser -s /sbin/nologin -G appgroup -D -u 4200 appuser
# upgrade all installed packages to fix potential CVEs in advance
# also remove apk package manager to hopefully remove dependency on OpenSSL 🤞
RUN apk upgrade --no-cache --no-progress \
&& apk add --no-cache --no-progress tini tzdata \
&& wget -qO /usr/bin/linkerd-await https://github.com/linkerd/linkerd-await/releases/download/release%2Fv0.2.7/linkerd-await-v0.2.7-amd64 \
&& chmod 755 /usr/bin/linkerd-await \
&& apk del --no-cache --no-progress apk-tools alpine-keys alpine-release libc-utils
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs/
COPY --from=builder /etc/ssl/cert.pem /etc/ssl/cert.pem
COPY --from=builder /pkg/ /usr/
# make sure all binaries can be executed
RUN swift-http-import --version 2>/dev/null
ARG BININFO_BUILD_DATE BININFO_COMMIT_HASH BININFO_VERSION
LABEL source_repository="https://github.com/sapcc/swift-http-import" \
org.opencontainers.image.url="https://github.com/sapcc/swift-http-import" \
org.opencontainers.image.created=${BININFO_BUILD_DATE} \
org.opencontainers.image.revision=${BININFO_COMMIT_HASH} \
org.opencontainers.image.version=${BININFO_VERSION}
USER 4200:4200
WORKDIR /home/appuser
ENTRYPOINT [ "/usr/bin/linkerd-await", "--shutdown", "--", "/usr/bin/swift-http-import" ]