brew.Dockerfile
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# Build stage: compiles che-machine-exec and stages a minimal root filesystem
# under /rootfs. Only /rootfs is copied into the runtime stage.
# Base image: https://registry.access.redhat.com/rhel8/go-toolset
# NOTE(review): the image reference has no registry host and no digest, so what
# it resolves to depends on the build system's registry configuration - confirm
# that this is the intended trust anchor.
FROM rhel8/go-toolset:1.21.13-1 AS builder
# CGO is left enabled for the build below.
# NOTE(review): presumably required so the toolset's crypto is backed by the
# system OpenSSL for FIPS (see the check-payload link below) - confirm.
ENV GOPATH=/go/ \
    CGO_ENABLED=1
# adduser in the RUN step below needs root. The runtime stage sets its own USER.
USER root
WORKDIR /che-machine-exec/
# Copies the entire build context into the builder.
# NOTE(review): what is excluded depends on a .dockerignore that is not visible
# here; keep credentials and local env files out of the context.
COPY . .
# to test FIPS compliance, run https://github.com/openshift/check-payload#scan-a-container-or-operator-image against a built image
#
# /rootfs layout produced here:
#   /rootfs/tmp     world-writable with the sticky bit (1777). Prepared in this
#                   stage because a `scratch` final image has no shell and no
#                   mkdir, so RUN cannot create it there.
#   /rootfs/etc     the builder's /etc/passwd, which contains unprivilegeduser
#   /rootfs/go/bin  the compiled binary
# Build flags: -mod=vendor builds from the vendored modules in the context,
# -a forces a full rebuild, -ldflags '-w -s' omits DWARF and the symbol table.
RUN mkdir -p /rootfs/tmp /rootfs/etc /rootfs/go/bin && \
    chmod 1777 /rootfs/tmp && \
    adduser unprivilegeduser && \
    cp -rf /etc/passwd /rootfs/etc && \
    GOOS=linux go build -mod=vendor -a -ldflags '-w -s' -installsuffix cgo -o che-machine-exec . && \
    cp -rf /che-machine-exec/che-machine-exec /rootfs/go/bin
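# Runtime stage: ubi8-minimal plus the root filesystem staged by the builder.
# Base image: https://registry.access.redhat.com/ubi8-minimal
FROM registry.access.redhat.com/ubi8-minimal:8.10-1086 AS runtime
# Brings in /tmp, /go/bin/che-machine-exec and the builder's /etc/passwd. That
# passwd file replaces the one shipped in this base image and is what defines
# unprivilegeduser here.
# NOTE(review): /etc/group is not copied, so the user's primary group may not
# resolve by name in this image - confirm that nothing relies on it.
COPY --from=builder /rootfs /
# Chained with && so that a failed openssl install fails the build. With `;`
# the step's exit status came from the clean command alone, and an image
# without openssl could be produced silently.
# NOTE(review): openssl is presumably needed at run time by the CGO-enabled
# binary (FIPS) - confirm.
RUN microdnf install -y openssl && \
    microdnf clean -y all
# Run the service as the non-root account created in the builder stage.
# NOTE(review): USER is given by name; runtimes that must verify non-root
# (e.g. Kubernetes runAsNonRoot) need a numeric UID - consider pinning one.
USER unprivilegeduser
ENTRYPOINT ["/go/bin/che-machine-exec"]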
# append Brew metadata here