# syntax=docker/dockerfile:1.7

# Build-time version pins. Declared before the first FROM so they can
# parameterize the base-image tags; a global ARG is only visible in FROM
# lines, so every stage that needs one redeclares it (plain `ARG NAME`).
# NOTE(review): the base image is pinned by tag only; appending
# @sha256:<digest-placeholder> would make the base fully reproducible.
ARG ALPINE_VERSION=3.23
ARG BUSYBOX_VERSION=1.37.0
ARG TRIVY_VERSION=0.70.0
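# Stage 1: fetch the prebuilt Trivy release asset for the target platform.
# Nothing is compiled here, so the stage runs natively on the build platform;
# TARGETARCH/TARGETVARIANT only select which release archive to download.
FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS trivy-fetcher
# TARGETARCH/TARGETVARIANT are supplied automatically by BuildKit; TRIVY_VERSION
# is redeclared to bring the global default into this stage's scope.
ARG TARGETARCH
ARG TARGETVARIANT
ARG TRIVY_VERSION
RUN apk add --no-cache ca-certificates curl tar
WORKDIR /work
# Expected SHA-256 digests of the upstream release archives, vendored in the
# repository so the download is verified against a value under our control.
COPY checksums/trivy.txt /checksums/trivy_checksums.txt
# Map Docker's platform naming onto Trivy's release-asset naming, download the
# archive, verify it, and stage the binary plus the CA bundle under /out.
#
# The expected checksum line is written to a file rather than piped into
# sha256sum: without `pipefail`, a grep that matches nothing (asset not
# listed) is masked by the pipeline's exit status, and we should not depend
# on every sha256sum implementation rejecting empty input. grep exits
# non-zero on no match, which aborts the && chain before anything is trusted.
RUN case "${TARGETARCH}/${TARGETVARIANT}" in \
      amd64/*)   trivy_arch='64bit' ;; \
      386/*)     trivy_arch='32bit' ;; \
      arm64/*)   trivy_arch='ARM64' ;; \
      arm/v7)    trivy_arch='ARM' ;; \
      ppc64le/*) trivy_arch='PPC64LE' ;; \
      s390x/*)   trivy_arch='s390x' ;; \
      *) echo "unsupported TARGETARCH/TARGETVARIANT: ${TARGETARCH}/${TARGETVARIANT}" >&2; exit 1 ;; \
    esac && \
    trivy_file="trivy_${TRIVY_VERSION}_Linux-${trivy_arch}.tar.gz" && \
    curl -fsSLO "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/${trivy_file}" && \
    grep " ${trivy_file}$" /checksums/trivy_checksums.txt > /work/trivy.sha256 && \
    sha256sum -c /work/trivy.sha256 && \
    tar -xzf "${trivy_file}" trivy && \
    install -Dm755 trivy /out/usr/local/bin/trivy && \
    install -Dm644 /etc/ssl/certs/ca-certificates.crt /out/etc/ssl/certs/ca-certificates.crt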
# Stage 2: build BusyBox from source for the target platform.
# Deliberately not pinned to $BUILDPLATFORM: the binary must run on the
# target architecture, so the compile itself runs there (under emulation
# when the build host differs).
FROM alpine:${ALPINE_VERSION} AS busybox-builder
ARG BUSYBOX_VERSION
RUN apk add --no-cache build-base bzip2 curl linux-headers perl
WORKDIR /work
# Vendored digest of the source tarball, the Kconfig overrides, and the list
# of applets to expose as symlinks.
COPY checksums/busybox.sha256 /checksums/busybox.tar.bz2.sha256
COPY dist/busybox.config /tmp/busybox.config
COPY dist/applets.txt /tmp/applets.txt
# Download, verify and unpack the release tarball. sha256sum -c resolves the
# filename in the checksum file relative to /work, so that file is expected
# to name busybox-${BUSYBOX_VERSION}.tar.bz2.
RUN curl -fsSLO "https://busybox.net/downloads/busybox-${BUSYBOX_VERSION}.tar.bz2" && \
    sha256sum -c /checksums/busybox.tar.bz2.sha256 && \
    tar -xjf "busybox-${BUSYBOX_VERSION}.tar.bz2"
WORKDIR /work/busybox-${BUSYBOX_VERSION}
# Start from "everything off", then apply each OPTION=SETTING override from
# dist/busybox.config: any existing line for OPTION (either "OPTION=..." or
# "# OPTION is not set") is removed and the override appended. oldconfig then
# answers "n" to every remaining question so the result is deterministic.
RUN make allnoconfig && \
    while IFS='=' read -r option setting; do \
      if [ -z "${option}" ]; then continue; fi; \
      sed -i \
        -e "/^${option}=.*/d" \
        -e "/^# ${option} is not set/d" \
        .config && \
      printf '%s=%s\n' "${option}" "${setting}" >> .config; \
    done < /tmp/busybox.config && \
    yes n | make oldconfig
RUN make -j"$(getconf _NPROCESSORS_ONLN)"
# Stage the binary and one symlink per listed applet under /out/bin, plus an
# empty sticky world-writable /tmp and a cache directory for the final stage.
RUN install -Dm755 busybox /out/bin/busybox && \
    mkdir -p /out/tmp /out/root/.cache && \
    while IFS= read -r name; do \
      if [ -z "${name}" ]; then continue; fi; \
      ln -s /bin/busybox "/out/bin/${name}"; \
    done < /tmp/applets.txt && \
    chmod 1777 /out/tmp
# Final stage: an empty root filesystem holding only BusyBox, Trivy and the
# CA bundle referenced by SSL_CERT_FILE.
FROM scratch
# Trivy binary and CA bundle staged by the fetcher stage.
COPY --from=trivy-fetcher /out/usr/local/bin/trivy /usr/local/bin/trivy
COPY --from=trivy-fetcher /out/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
# BusyBox with its applet symlinks, the sticky /tmp and the cache directory.
# NOTE(review): confirm the 1777 mode set on /tmp in the builder survives
# COPY --from; if it does not, a writable TMPDIR needs a chmod here.
COPY --from=busybox-builder /out/bin/ /bin/
COPY --from=busybox-builder /out/tmp /tmp
COPY --from=busybox-builder /out/root/.cache /root/.cache
# Runtime environment: a minimal PATH, the CA bundle location for TLS
# clients, and writable scratch/cache locations pointing at the directories
# copied above. No USER is set, so processes run as uid 0 and /root/.cache is
# only usable by that user; drop privileges at `docker run` time when root is
# not required for the scan.
ENV PATH="/usr/local/bin:/bin" \
    SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt" \
    TMPDIR="/tmp" \
    XDG_CACHE_HOME="/root/.cache"
# Intentionally no default entrypoint or command: callers name the program
# explicitly (trivy or a BusyBox applet).
ENTRYPOINT []