forked from google/trillian
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathDockerfile.updatetree.rh
71 lines (58 loc) · 3.65 KB
/
Dockerfile.updatetree.rh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_1.23@sha256:6a4a05d24acecde63d9c7c8c986ad9e5e20da2c2ce30312b328ed771736e7a1f AS build-env
ENV APP_ROOT=/opt/app-root
ENV GOPATH=$APP_ROOT
ENV CGO_ENABLED=false
ENV -buildvcs=false
WORKDIR $APP_ROOT/src/
ADD go.mod go.sum $APP_ROOT/src/
# Add source code
ADD ./ $APP_ROOT/src/
RUN go mod download && \
git config --global --add safe.directory /opt/app-root/src && \
make -f Build-clis.mak updatetree-cross-platform && \
cp updatetree-linux-amd64 updatetree && \
gzip updatetree-linux-amd64 && \
gzip updatetree-linux-ppc64le && \
gzip updatetree-linux-s390x && \
gzip updatetree-linux-arm64 && \
gzip updatetree-darwin-amd64 && \
gzip updatetree-darwin-arm64 && \
gzip updatetree-windows-amd64.exe
# Multi-Stage production build
FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:8b314e254e9ab9a7a08b675fcfd3ed66a2943eeda7b26395210d451569976b9b AS deploy
# Retrieve the binary from the previous stage
COPY --from=build-env /opt/app-root/src/updatetree /
# Add license file
COPY LICENSE /licenses/LICENSE
LABEL description="Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper, which in turn is an extension and generalisation of the ideas which underpin Certificate Transparency."
LABEL io.k8s.description="Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper."
LABEL io.k8s.display-name="updatetree"
LABEL io.openshift.tags="trillian updatetree trusted-artifact-signer"
LABEL summary="Provides the trillian updatetree binary for updating merkel trees."
LABEL com.redhat.component="updatetree"
LABEL name="updatetree"
COPY --from=build-env /opt/app-root/src/updatetree-darwin-amd64.gz /usr/local/bin/updatetree-darwin-amd64.gz
COPY --from=build-env /opt/app-root/src/updatetree-windows-amd64.exe.gz /usr/local/bin/updatetree-windows-amd64.exe.gz
COPY --from=build-env /opt/app-root/src/updatetree-darwin-arm64.gz /usr/local/bin/updatetree-darwin-arm64.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-arm64.gz /usr/local/bin/updatetree-linux-arm64.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-ppc64le.gz /usr/local/bin/updatetree-linux-ppc64le.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-s390x.gz /usr/local/bin/updatetree-linux-s390x.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-amd64.gz /usr/local/bin/updatetree-linux-amd64.gz
COPY --from=build-env /opt/app-root/src/updatetree /usr/local/bin/updatetree
RUN chown root:0 /usr/local/bin/updatetree && \
chmod g+wx /usr/local/bin/updatetree && \
chown root:0 /usr/local/bin/updatetree-darwin-amd64.gz && chmod g+wx /usr/local/bin/updatetree-darwin-amd64.gz && \
chown root:0 /usr/local/bin/updatetree-darwin-arm64.gz && chmod g+wx /usr/local/bin/updatetree-darwin-arm64.gz && \
chown root:0 /usr/local/bin/updatetree-windows-amd64.exe.gz && chmod g+wx /usr/local/bin/updatetree-windows-amd64.exe.gz && \
chown root:0 /usr/local/bin/updatetree-linux-arm64.gz && chmod g+wx /usr/local/bin/updatetree-linux-arm64.gz && \
chown root:0 /usr/local/bin/updatetree-linux-amd64.gz && chmod g+wx /usr/local/bin/updatetree-linux-amd64.gz && \
chown root:0 /usr/local/bin/updatetree-linux-ppc64le.gz && chmod g+wx /usr/local/bin/updatetree-linux-ppc64le.gz && \
chown root:0 /usr/local/bin/updatetree-linux-s390x.gz && chmod g+wx /usr/local/bin/updatetree-linux-s390x.gz
##Configure home directory
ENV HOME=/home
RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME}
WORKDIR ${HOME}
# Do not run as root
USER 1001
# Set the binary as the entrypoint of the container
ENTRYPOINT ["/updatetree"]