-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathContainerfile.trustify
More file actions
41 lines (32 loc) · 1.53 KB
/
Containerfile.trustify
File metadata and controls
41 lines (32 loc) · 1.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
FROM registry.access.redhat.com/ubi9/ubi:latest AS builder
RUN uname -m && \
dnf install -y --setopt=install_weak_deps=False \
zlib \
openssl-devel \
git \
gcc && \
dnf clean all
ENV PATH="/root/.cargo/bin:${PATH}"
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain 1.92.0
ARG rev
RUN ["bash", "-c", "\
git clone https://github.com/guacsec/trustify ; \
if [[ -n \"$rev\" ]]; then \
cd trustify ; \
# update the fetch configuration for the origin remote, instructing Git to fetch pull request data: \
# +refs/pull/*/head specifies that Git should fetch the head of all pull requests \
# refs/remotes/origin/pr/* tells Git to store these heads in a local ref path that can be checked out easily by PR number \
git config --add remote.origin.fetch \"+refs/pull/*/head:refs/remotes/origin/pr/*\" ; \
# pull all PR data into local repository under the refs specified above \
git fetch origin ; \
# leveraging the configuration above, 'rev' can be a branch name, commit digest or a PR number (in the format pr/<PR_number>, e.g. pr/1573) \
git checkout \"$rev\" ; \
fi \
"]
RUN cd trustify && cargo build --release --no-default-features --features bundled
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
RUN microdnf install -y --setopt=install_weak_deps=0 \
openssl && \
microdnf clean all
COPY --from=builder /trustify/target/release/trustd /usr/local/bin/trustd
ENTRYPOINT ["/usr/local/bin/trustd"]