forked from google/trillian
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathDockerfile.updatetree.rh
71 lines (58 loc) · 3.65 KB
/
Dockerfile.updatetree.rh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_1.23@sha256:44fd8f88f3b6463cda15571260f9ca3a0b78d3c8c8827a338e04ab3a23581a88 AS build-env
ENV APP_ROOT=/opt/app-root
ENV GOPATH=$APP_ROOT
ENV CGO_ENABLED=false
ENV -buildvcs=false
WORKDIR $APP_ROOT/src/
ADD go.mod go.sum $APP_ROOT/src/
# Add source code
ADD ./ $APP_ROOT/src/
RUN go mod download && \
git config --global --add safe.directory /opt/app-root/src && \
make -f Build-clis.mak updatetree-cross-platform && \
cp updatetree-linux-amd64 updatetree && \
gzip updatetree-linux-amd64 && \
gzip updatetree-linux-ppc64le && \
gzip updatetree-linux-s390x && \
gzip updatetree-linux-arm64 && \
gzip updatetree-darwin-amd64 && \
gzip updatetree-darwin-arm64 && \
gzip updatetree-windows-amd64.exe
# Multi-Stage production build
FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:4c8830d349732ed8066544e1cbcf878ad64f39aa4364f13cf4a69954b0ccbda5 AS deploy
# Retrieve the binary from the previous stage
COPY --from=build-env /opt/app-root/src/updatetree /
# Add license file
COPY LICENSE /licenses/LICENSE
LABEL description="Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper, which in turn is an extension and generalisation of the ideas which underpin Certificate Transparency."
LABEL io.k8s.description="Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper."
LABEL io.k8s.display-name="updatetree"
LABEL io.openshift.tags="trillian updatetree trusted-artifact-signer"
LABEL summary="Provides the trillian updatetree binary for updating merkel trees."
LABEL com.redhat.component="updatetree"
LABEL name="updatetree"
COPY --from=build-env /opt/app-root/src/updatetree-darwin-amd64.gz /usr/local/bin/updatetree-darwin-amd64.gz
COPY --from=build-env /opt/app-root/src/updatetree-windows-amd64.exe.gz /usr/local/bin/updatetree-windows-amd64.exe.gz
COPY --from=build-env /opt/app-root/src/updatetree-darwin-arm64.gz /usr/local/bin/updatetree-darwin-arm64.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-arm64.gz /usr/local/bin/updatetree-linux-arm64.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-ppc64le.gz /usr/local/bin/updatetree-linux-ppc64le.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-s390x.gz /usr/local/bin/updatetree-linux-s390x.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-amd64.gz /usr/local/bin/updatetree-linux-amd64.gz
COPY --from=build-env /opt/app-root/src/updatetree /usr/local/bin/updatetree
RUN chown root:0 /usr/local/bin/updatetree && \
chmod g+wx /usr/local/bin/updatetree && \
chown root:0 /usr/local/bin/updatetree-darwin-amd64.gz && chmod g+wx /usr/local/bin/updatetree-darwin-amd64.gz && \
chown root:0 /usr/local/bin/updatetree-darwin-arm64.gz && chmod g+wx /usr/local/bin/updatetree-darwin-arm64.gz && \
chown root:0 /usr/local/bin/updatetree-windows-amd64.exe.gz && chmod g+wx /usr/local/bin/updatetree-windows-amd64.exe.gz && \
chown root:0 /usr/local/bin/updatetree-linux-arm64.gz && chmod g+wx /usr/local/bin/updatetree-linux-arm64.gz && \
chown root:0 /usr/local/bin/updatetree-linux-amd64.gz && chmod g+wx /usr/local/bin/updatetree-linux-amd64.gz && \
chown root:0 /usr/local/bin/updatetree-linux-ppc64le.gz && chmod g+wx /usr/local/bin/updatetree-linux-ppc64le.gz && \
chown root:0 /usr/local/bin/updatetree-linux-s390x.gz && chmod g+wx /usr/local/bin/updatetree-linux-s390x.gz
##Configure home directory
ENV HOME=/home
RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME}
WORKDIR ${HOME}
# Do not run as root
USER 1001
# Set the binary as the entrypoint of the container
ENTRYPOINT ["/updatetree"]