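# ---- Build stage ------------------------------------------------------------
# Compiles the updatetree CLI for every supported platform inside the UBI 9 Go
# toolset image. The base image is pinned by digest, so the toolchain only
# changes when this line is edited.
FROM registry.access.redhat.com/ubi9/go-toolset@sha256:c7bfd2501cb1be171366434a368db669b32f08a0198c1473b9bff0a379613fc3 AS build-env

ENV APP_ROOT=/opt/app-root
# Kept as a separate instruction so that $APP_ROOT is already defined when it
# is expanded here.
ENV GOPATH=$APP_ROOT
# NOTE(review): the go command documents 0 and 1 as the values of CGO_ENABLED;
# "false" is neither. Confirm whether cgo is really disabled for the native
# linux/amd64 build or whether Build-clis.mak sets the variable itself.
ENV CGO_ENABLED=false
# NOTE(review): this defines an environment variable literally named
# "-buildvcs", which the Go toolchain does not read. Presumably
# GOFLAGS=-buildvcs=false was intended - confirm before changing, because the
# safe.directory setting below suggests the build does query git metadata.
ENV -buildvcs=false

WORKDIR $APP_ROOT/src/

# COPY instead of ADD: these are plain local files, so ADD's extra behaviours
# (remote URL fetch, automatic extraction of tar archives) are not wanted here.
COPY go.mod go.sum $APP_ROOT/src/
# Add source code
# The whole build context lands in this stage; only the artifacts named in the
# final stage's COPY --from lines are carried into the shipped image.
COPY ./ $APP_ROOT/src/

# safe.directory lets git operate on the copied tree (presumably because the
# tree is not owned by the user running the build - confirm). After the
# cross-platform build, the linux/amd64 binary is duplicated under the plain
# name "updatetree" for use in the runtime stage, then every per-platform
# binary is gzip-compressed for distribution.
RUN go mod download && \
    git config --global --add safe.directory /opt/app-root/src && \
    make -f Build-clis.mak updatetree-cross-platform && \
    cp updatetree-linux-amd64 updatetree && \
    gzip updatetree-linux-amd64 && \
    gzip updatetree-linux-ppc64le && \
    gzip updatetree-linux-s390x && \
    gzip updatetree-linux-arm64 && \
    gzip updatetree-darwin-amd64 && \
    gzip updatetree-darwin-arm64 && \
    gzip updatetree-windows-amd64.exe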
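# ---- Runtime stage ----------------------------------------------------------
# Multi-Stage production build
# Only the compiled artifacts and the license are carried over from the build
# stage; the Go toolchain and the source tree stay behind. The base image is
# pinned by digest.
FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:8b6978d555746877c73f52375f60fd7b6fd27d6aca000eaed27d0995303c13de AS deploy

# Retrieve the binary from the previous stage. This root-level copy is the one
# the ENTRYPOINT executes.
COPY --from=build-env /opt/app-root/src/updatetree /
# Add license file
COPY LICENSE /licenses/LICENSE

# NOTE(review): "merkel" in the summary label is presumably a typo for
# "Merkle"; the label text is left as published.
LABEL description="Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper, which in turn is an extension and generalisation of the ideas which underpin Certificate Transparency."
LABEL io.k8s.description="Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper."
LABEL io.k8s.display-name="updatetree"
LABEL io.openshift.tags="trillian updatetree trusted-artifact-signer"
LABEL summary="Provides the trillian updatetree binary for updating merkel trees."
LABEL com.redhat.component="updatetree"
LABEL name="updatetree"

# Per-platform compressed builds plus a second copy of the native binary,
# placed under /usr/local/bin.
COPY --from=build-env /opt/app-root/src/updatetree-darwin-amd64.gz /usr/local/bin/updatetree-darwin-amd64.gz
COPY --from=build-env /opt/app-root/src/updatetree-windows-amd64.exe.gz /usr/local/bin/updatetree-windows-amd64.exe.gz
COPY --from=build-env /opt/app-root/src/updatetree-darwin-arm64.gz /usr/local/bin/updatetree-darwin-arm64.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-arm64.gz /usr/local/bin/updatetree-linux-arm64.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-ppc64le.gz /usr/local/bin/updatetree-linux-ppc64le.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-s390x.gz /usr/local/bin/updatetree-linux-s390x.gz
COPY --from=build-env /opt/app-root/src/updatetree-linux-amd64.gz /usr/local/bin/updatetree-linux-amd64.gz
COPY --from=build-env /opt/app-root/src/updatetree /usr/local/bin/updatetree

# Owned by root with group 0. The group gets read (and, for the binary,
# execute) access but NOT write access: the container runs as UID 1001, which
# runs with GID 0 under Docker when no group is given and under OpenShift's
# arbitrary-UID scheme. Group-writable artifacts would let the running process
# replace the shipped binaries and archives, and nothing in this file writes
# to them after this step.
RUN chown root:0 \
        /usr/local/bin/updatetree \
        /usr/local/bin/updatetree-darwin-amd64.gz \
        /usr/local/bin/updatetree-darwin-arm64.gz \
        /usr/local/bin/updatetree-windows-amd64.exe.gz \
        /usr/local/bin/updatetree-linux-arm64.gz \
        /usr/local/bin/updatetree-linux-amd64.gz \
        /usr/local/bin/updatetree-linux-ppc64le.gz \
        /usr/local/bin/updatetree-linux-s390x.gz && \
    chmod g+rx /usr/local/bin/updatetree && \
    chmod g+r \
        /usr/local/bin/updatetree-darwin-amd64.gz \
        /usr/local/bin/updatetree-darwin-arm64.gz \
        /usr/local/bin/updatetree-windows-amd64.exe.gz \
        /usr/local/bin/updatetree-linux-arm64.gz \
        /usr/local/bin/updatetree-linux-amd64.gz \
        /usr/local/bin/updatetree-linux-ppc64le.gz \
        /usr/local/bin/updatetree-linux-s390x.gz

##Configure home directory
# The home directory is the one location deliberately given to group 0 with
# the owner's permissions (g=u), so the non-root runtime user can use it.
# ${HOME} is already absolute, so it is used as-is rather than as "/${HOME}".
ENV HOME=/home
RUN chgrp -R 0 "${HOME}" && chmod -R g=u "${HOME}"
WORKDIR ${HOME}

# Do not run as root
USER 1001

# Set the binary as the entrypoint of the container
# Exec form: updatetree runs as PID 1 and receives signals directly.
ENTRYPOINT ["/updatetree"]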