Skip to content

Commit 9d191a8

Browse files
benjaminskiljanbenjaminskiljan
committed
pin images to hash, clean up dockerfile
1 parent 6905a44 commit 9d191a8

File tree

1 file changed

+27
-25
lines changed

1 file changed

+27
-25
lines changed

images/algorand/Dockerfile

Lines changed: 27 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# syntax=docker/dockerfile:1.3-labs
2-
FROM debian:12 as build
2+
FROM debian:12@sha256:b6507e340c43553136f5078284c8c68d86ec8262b1724dde73c325e8d3dcdeba as build
33

44
ARG ALGORAND_VERSION=v4.1.2-stable
55
ARG GO_VERSION=1.23.9
@@ -22,53 +22,55 @@ RUN <<-EOF
2222
libboost-dev \
2323
autoconf \
2424
automake \
25-
python3 && \
26-
curl -L -o /tmp/go-linux-amd64.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz && \
25+
python3
26+
curl -L -o /tmp/go-linux-amd64.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz
2727
tar -C /usr/local -xf /tmp/go-linux-amd64.tar.gz
2828
EOF
2929

3030
RUN <<-EOF
31-
git clone --branch "$ALGORAND_VERSION" https://github.com/algorand/go-algorand.git && \
32-
cd go-algorand && \
33-
./scripts/configure_dev.sh && \
34-
./scripts/buildtools/install_buildtools.sh && \
35-
make build && \
36-
find /opt/algorand/go/bin -type f -executable -exec strip -s {} + 2>/dev/null || true && \
37-
./scripts/local_install.sh -c stable -p ${GOPATH}/bin -d /opt/algorand/algorand-defaults -f -s && \
38-
rm /opt/algorand/algorand-defaults/genesis.json && \
39-
cp installer/genesis/mainnet/genesis.json /opt/algorand/algorand-defaults/genesis-mainnet.json && \
40-
cp installer/genesis/betanet/genesis.json /opt/algorand/algorand-defaults/genesis-betanet.json && \
41-
cp installer/genesis/devnet/genesis.json /opt/algorand/algorand-defaults/genesis-devnet.json && \
31+
git clone --branch "$ALGORAND_VERSION" https://github.com/algorand/go-algorand.git
32+
cd go-algorand
33+
./scripts/configure_dev.sh
34+
./scripts/buildtools/install_buildtools.sh
35+
make build
36+
find /opt/algorand/go/bin -type f -executable -exec strip -s {} + 2>/dev/null || true
37+
./scripts/local_install.sh -c stable -p ${GOPATH}/bin -d /opt/algorand/algorand-defaults -f -s
38+
rm /opt/algorand/algorand-defaults/genesis.json
39+
cp installer/genesis/mainnet/genesis.json /opt/algorand/algorand-defaults/genesis-mainnet.json
40+
cp installer/genesis/betanet/genesis.json /opt/algorand/algorand-defaults/genesis-betanet.json
41+
cp installer/genesis/devnet/genesis.json /opt/algorand/algorand-defaults/genesis-devnet.json
4242
cp installer/genesis/testnet/genesis.json /opt/algorand/algorand-defaults/genesis-testnet.json
4343
EOF
4444

45-
RUN mkdir -p /opt/algorand/.algorand && \
46-
touch /opt/algorand/.algorand/algod.token && \
47-
touch /opt/algorand/.algorand/algod.admin.token && \
48-
chown -R 65532:65532 /opt/algorand/
45+
RUN <<-EOF
46+
mkdir -p /opt/algorand/.algorand
47+
touch /opt/algorand/.algorand/algod.token
48+
touch /opt/algorand/.algorand/algod.admin.token
49+
EOF
4950

5051
COPY scripts/entrypoint.go /tmp/entrypoint.go
51-
RUN go build -o /tmp/entrypoint /tmp/entrypoint.go && \
52-
chown 65532:65532 /tmp/entrypoint
52+
RUN <<-EOF
53+
go build -o /tmp/entrypoint /tmp/entrypoint.go
54+
EOF
5355

54-
FROM gcr.io/distroless/static-debian12:nonroot as final
56+
FROM gcr.io/distroless/static-debian12:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46 as final
5557

5658
ENV DEBIAN_FRONTEND="noninteractive" TZ="Europe/London"
5759

5860
ENV GOPATH=/opt/algorand/go
5961
ENV ALGORAND_DATA=/opt/algorand/.algorand
6062

6163
# Binaries for core functionality
62-
COPY --from=build \
64+
COPY --from=build --chown=65532:65532 \
6365
/opt/algorand/go/bin/algod \
6466
/opt/algorand/go/bin/goal \
6567
/opt/algorand/go/bin/kmd \
6668
/opt/algorand/go/bin/
67-
COPY --from=build /opt/algorand/algorand-defaults/ /opt/algorand/algorand-defaults/
69+
COPY --from=build --chown=65532:65532 /opt/algorand/algorand-defaults/ /opt/algorand/algorand-defaults/
6870
COPY --from=build --chown=65532:65532 /opt/algorand/.algorand/ /opt/algorand/.algorand/
6971

70-
COPY --from=build /tmp/entrypoint /opt/algorand/scripts/entrypoint
71-
COPY default-config/ /opt/algorand/default-config/
72+
COPY --from=build --chown=65532:65532 /tmp/entrypoint /opt/algorand/scripts/entrypoint
73+
COPY --chown=65532:65532 default-config/ /opt/algorand/default-config/
7274

7375
ENTRYPOINT ["/opt/algorand/scripts/entrypoint"]
7476
CMD ["/opt/algorand/go/bin/algod"]

0 commit comments

Comments
 (0)