From d6c775e24afff09817291ce216ae022a7078679c Mon Sep 17 00:00:00 2001 From: Krisztian Gacsal Date: Thu, 22 Feb 2024 00:03:44 +0100 Subject: [PATCH] refactor: dockerfile * make builder stage aligned with image builds in vmclarity * pin yara version to avoid compatibility issues --- Dockerfile | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index e770394..83a7c89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,21 @@ -# syntax=docker/dockerfile:1 +# syntax=docker/dockerfile:1@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021 -FROM golang:1.22.0-alpine AS builder +FROM --platform=$BUILDPLATFORM golang:1.22.0-bullseye@sha256:0c099cf97c6162ceab8c9494c4ce8c2a19a73b852f334ec1876a42d05eb5f90b AS builder -RUN apk add --update --no-cache gcc g++ git ca-certificates build-base +ARG TARGETPLATFORM + +RUN --mount=type=cache,id=${TARGETPLATFORM}-apt,target=/var/cache/apt,sharing=locked \ + apt-get update \ + && apt-get install -y --no-install-recommends \ + gcc \ + libc6-dev + +WORKDIR /build + +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target=/root/.cache/go-build \ + --mount=type=bind,source=.,target=/build,ro \ + go mod download -x ARG VERSION ARG BUILD_TIMESTAMP @@ -16,16 +29,20 @@ RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target=/root/.cache/go-build \ --mount=type=bind,source=.,target=/build,ro \ GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 \ - go build \ - -ldflags="-s -w \ + go build -ldflags="-s -w -extldflags -static \ -X 'github.com/openclarity/yara-rule-server/pkg/version.Version=${VERSION}' \ -X 'github.com/openclarity/yara-rule-server/pkg/version.CommitHash=${COMMIT_HASH}' \ -X 'github.com/openclarity/yara-rule-server/pkg/version.BuildTimestamp=${BUILD_TIMESTAMP}'" \ -o /bin/yara-rule-server main.go -FROM alpine:3.19 +FROM alpine:3.19@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b + +RUN apk add --update --no-cache \ + util-linux \ + ca-certificates \ + libc6-compat -RUN apk --no-cache add util-linux yara ca-certificates +RUN apk --no-cache add --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community yara=4.5.0-r0 COPY --from=builder --chmod=755 /bin/yara-rule-server /bin/yara-rule-server COPY --link --chmod=644 config.example.yaml /etc/yara-rule-server/config.yaml