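# Go toolchain version; override with --build-arg GOLANG_VERSION=<version>.
ARG GOLANG_VERSION=1.22.4
# Source stage for the Go toolchain; the final image copies /usr/local/go from it.
# No --platform flag is needed: a FROM without one already resolves to the
# build's target platform, so --platform=$TARGETPLATFORM was redundant.
# NOTE(review): the tag is mutable; pinning the image by digest would make the
# toolchain that ends up in the final image reproducible.
FROM library/golang:${GOLANG_VERSION}-alpine AS golang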
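# Stage: fetch the Trivy release binary for linux/amd64.
FROM alpine:3.18 AS trivy-amd64
ARG TRIVY_VERSION=0.56.2
# The tarball is verified against the checksum list published with the same
# release before it is unpacked. grep writes to a file instead of a pipe so
# that `set -e` aborts the build when the tarball has no entry in the list.
# NOTE(review): list and tarball come from the same origin, so this catches a
# corrupted or truncated download but not a tampered release; pinning the
# expected SHA-256 in this file (or verifying the release signature) is stronger.
RUN set -ex; \
    base_url="https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}"; \
    tarball="trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"; \
    checksums="trivy_${TRIVY_VERSION}_checksums.txt"; \
    wget -q "${base_url}/${tarball}"; \
    wget -q "${base_url}/${checksums}"; \
    grep " ${tarball}\$" "${checksums}" > "${tarball}.sha256"; \
    sha256sum -c "${tarball}.sha256"; \
    tar -xzf "${tarball}"; \
    mv trivy /usr/local/bin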
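# Stage: fetch the Trivy release binary for linux/arm64.
FROM alpine:3.18 AS trivy-arm64
ARG TRIVY_VERSION=0.56.2
# The tarball is verified against the checksum list published with the same
# release before it is unpacked. grep writes to a file instead of a pipe so
# that `set -e` aborts the build when the tarball has no entry in the list.
# NOTE(review): list and tarball come from the same origin, so this catches a
# corrupted or truncated download but not a tampered release; pinning the
# expected SHA-256 in this file (or verifying the release signature) is stronger.
RUN set -ex; \
    base_url="https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}"; \
    tarball="trivy_${TRIVY_VERSION}_Linux-ARM64.tar.gz"; \
    checksums="trivy_${TRIVY_VERSION}_checksums.txt"; \
    wget -q "${base_url}/${tarball}"; \
    wget -q "${base_url}/${checksums}"; \
    grep " ${tarball}\$" "${checksums}" > "${tarball}.sha256"; \
    sha256sum -c "${tarball}.sha256"; \
    tar -xzf "${tarball}"; \
    mv trivy /usr/local/bin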
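# Alias for the Trivy stage that matches the architecture being built.
# TARGETARCH is supplied by BuildKit. Only trivy-amd64 and trivy-arm64 are
# defined in this file, so a build for any other architecture fails here.
FROM trivy-${TARGETARCH} AS trivy-base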
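# Final image: Alpine with the Go toolchain, build tooling, the project's
# go-*.sh scripts and Trivy.
# NOTE(review): no USER is set, so containers from this image run as root by
# default — confirm that is intended for how the image is used.
# NOTE(review): alpine:3.18 is a mutable tag; pin by digest for reproducible builds.
FROM alpine:3.18

# Use only the bundled Go toolchain; the go command must not download another one.
ENV GOTOOLCHAIN=local
ENV GOPATH=/go
# Kept as a separate instruction so that $GOPATH expands to the value set above.
ENV PATH=$GOPATH/bin:/usr/local/go/bin:$PATH

COPY --from=golang /usr/local/go/ /usr/local/go/

# Mode 1777 makes GOPATH writable by any UID (with the sticky bit set).
# NOTE(review): $GOPATH/bin is the first PATH entry, so any user inside the
# container can place a binary there that shadows a system command.
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
WORKDIR $GOPATH

# Build and VCS tooling. Package versions are not pinned, so the installed set
# depends on the state of the Alpine repositories at build time.
# NOTE(review): `docker` is installed here; if the host's Docker socket is
# mounted into a container at run time, that container effectively controls
# the host's Docker daemon — confirm how this image is run.
RUN apk --no-cache add \
        bash \
        coreutils \
        curl \
        docker \
        file \
        g++ \
        gcc \
        git \
        make \
        mercurial \
        rsync \
        subversion \
        wget \
        yq \
        zstd

# Helper scripts are placed next to the go binary, which is already on PATH.
COPY scripts/ /usr/local/go/bin/
# Copy only the trivy binary rather than the stage's whole /usr/local/bin.
COPY --from=trivy-base /usr/local/bin/trivy /usr/bin/trivy

# Make the go-*.sh helpers executable, check that the toolchain runs, and
# pre-download the Trivy vulnerability database into the image.
# NOTE(review): the database is a snapshot from build time; scans that skip the
# database update will not see advisories published after the image was built.
RUN set -x && \
    chmod -v +x /usr/local/go/bin/go-*.sh && \
    go version && \
    trivy image --download-db-only --quiet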