forked from kubewarden/audit-scanner
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
30 lines (25 loc) · 919 Bytes
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Build the audit-scanner binary
FROM golang:1.21 as builder
WORKDIR /workspace
# Copy the Go Modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
RUN go mod download
# Copy the go source
COPY *.go ./
COPY cmd/ cmd/
COPY internal/ internal/
# Build
RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -a -o audit-scanner .
FROM alpine AS cfg
RUN echo "audit-scanner:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd
RUN echo "audit-scanner:x:65533:audit-scanner" >> /etc/group
# Copy the statically-linked binary into a scratch container.
FROM scratch
COPY --from=cfg /etc/passwd /etc/passwd
COPY --from=cfg /etc/group /etc/group
COPY --from=builder --chmod=0755 /workspace/audit-scanner /audit-scanner
USER 65532:65532
ENTRYPOINT ["/audit-scanner"]