nexus-configuration-controller/.container/Dockerfile at 1d3e2ada38d3b91e4650f094b99f66e30f4a44ad · SneaksAndData/nexus-configuration-controller · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
FROM --platform=$BUILDPLATFORM golang:1.24-bookworm AS build-stage

ARG TARGETOS
ARG TARGETARCH
ARG APPVERSION
ARG BUILDNUMBER

WORKDIR /app

COPY . ./

RUN go mod verify && go mod vendor

RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -ldflags "-X github.com/SneaksAndData/nexus-core/pkg/buildmeta.AppVersion=$APPVERSION -X github.com/SneaksAndData/nexus-core/pkg/buildmeta.BuildNumber=$BUILDNUMBER" -o /app -v ./...

FROM --platform=$BUILDPLATFORM public.ecr.aws/amazonlinux/amazonlinux:2 AS aws-cli-stage

ARG TARGETARCH

RUN yum update -y && yum install -y unzip curl \
    && echo "BUILDING AWS CLI FOR: $TARGETARCH" \
    && cli_arch=$(test "$TARGETARCH" = "amd64" && echo "x86_64" || echo "aarch64") \
    && curl "https://awscli.amazonaws.com/awscli-exe-linux-$cli_arch.zip" -o "awscliv2.zip" \
    && unzip awscliv2.zip \
  # The --bin-dir is specified so that we can copy the
  # entire bin directory from the installer stage into
  # into /usr/local/bin of the final stage without
  # accidentally copying over any other executables that
  # may be present in /usr/local/bin of the installer stage.
    && ./aws/install --bin-dir /aws-cli-bin/


# Deploy the application binary into a lean image
FROM gcr.io/distroless/python3-debian12 AS build-release-stage

WORKDIR /app

COPY --from=build-stage /app /app

COPY --from=aws-cli-stage /usr/local/aws-cli/ /usr/local/aws-cli/
COPY --from=aws-cli-stage /aws-cli-bin/ /usr/local/bin/

COPY .container/appconfig.yaml /app/appconfig.yaml

USER nonroot:nonroot

ENTRYPOINT ["/app/nexus-configuration-controller"]