forked from google/trillian
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathDockerfile.createtree.rh
70 lines (58 loc) · 3.63 KB
/
Dockerfile.createtree.rh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
FROM registry.access.redhat.com/ubi9/go-toolset@sha256:80086a5f16a5a4a7eedaf8d3fa0696f3013df80cfe68e1dd8ab4d0ae5cf0c886 AS build-env
ENV APP_ROOT=/opt/app-root
ENV GOPATH=$APP_ROOT
ENV CGO_ENABLED=false
ENV -buildvcs=false
WORKDIR $APP_ROOT/src/
ADD go.mod go.sum $APP_ROOT/src/
# Add source code
ADD ./ $APP_ROOT/src/
RUN go mod download && \
git config --global --add safe.directory /opt/app-root/src && \
make -f Build-clis.mak createtree-cross-platform && \
cp createtree-linux-amd64 createtree && \
gzip createtree-linux-amd64 && \
gzip createtree-linux-ppc64le && \
gzip createtree-linux-s390x && \
gzip createtree-linux-arm64 && \
gzip createtree-darwin-amd64 && \
gzip createtree-darwin-arm64 && \
gzip createtree-windows-amd64.exe
# Multi-Stage production build
FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:a9c41b5bff991254fc62846fd1cd377ce1967dfd66dc2c76432610ab2586b29b AS deploy
# Retrieve the binary from the previous stage
COPY --from=build-env /opt/app-root/src/createtree /
# Add license file
COPY LICENSE /licenses/LICENSE
LABEL description="Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper, which in turn is an extension and generalisation of the ideas which underpin Certificate Transparency."
LABEL io.k8s.description="Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper."
LABEL io.k8s.display-name="createtree"
LABEL io.openshift.tags="trillian createtree trusted-artifact-signer"
LABEL summary="Provides the trillian createtree binary for creating merkel trees."
LABEL com.redhat.component="createtree"
LABEL name="createtree"
COPY --from=build-env /opt/app-root/src/createtree-darwin-amd64.gz /usr/local/bin/createtree-darwin-amd64.gz
COPY --from=build-env /opt/app-root/src/createtree-windows-amd64.exe.gz /usr/local/bin/createtree-windows-amd64.exe.gz
COPY --from=build-env /opt/app-root/src/createtree-darwin-arm64.gz /usr/local/bin/createtree-darwin-arm64.gz
COPY --from=build-env /opt/app-root/src/createtree-linux-arm64.gz /usr/local/bin/createtree-linux-arm64.gz
COPY --from=build-env /opt/app-root/src/createtree-linux-ppc64le.gz /usr/local/bin/createtree-linux-ppc64le.gz
COPY --from=build-env /opt/app-root/src/createtree-linux-s390x.gz /usr/local/bin/createtree-linux-s390x.gz
COPY --from=build-env /opt/app-root/src/createtree-linux-amd64.gz /usr/local/bin/createtree-linux-amd64.gz
COPY --from=build-env /opt/app-root/src/createtree /usr/local/bin/createtree
RUN chown root:0 /usr/local/bin/createtree && \
chmod g+wx /usr/local/bin/createtree && \
chown root:0 /usr/local/bin/createtree-darwin-amd64.gz && chmod g+wx /usr/local/bin/createtree-darwin-amd64.gz && \
chown root:0 /usr/local/bin/createtree-darwin-arm64.gz && chmod g+wx /usr/local/bin/createtree-darwin-arm64.gz && \
chown root:0 /usr/local/bin/createtree-windows-amd64.exe.gz && chmod g+wx /usr/local/bin/createtree-windows-amd64.exe.gz && \
chown root:0 /usr/local/bin/createtree-linux-arm64.gz && chmod g+wx /usr/local/bin/createtree-linux-arm64.gz && \
chown root:0 /usr/local/bin/createtree-linux-amd64.gz && chmod g+wx /usr/local/bin/createtree-linux-amd64.gz && \
chown root:0 /usr/local/bin/createtree-linux-ppc64le.gz && chmod g+wx /usr/local/bin/createtree-linux-ppc64le.gz && \
chown root:0 /usr/local/bin/createtree-linux-s390x.gz && chmod g+wx /usr/local/bin/createtree-linux-s390x.gz
##Configure home directory
ENV HOME=/home
RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME}
WORKDIR ${HOME}
# Do not run as root
USER 1001
# Set the binary as the entrypoint of the container
ENTRYPOINT ["/createtree"]