2021-01-15 17:23:36 +00:00
|
|
|
# syntax = docker/dockerfile:1.0-experimental
|
|
|
|
|
2021-01-07 21:20:25 +00:00
|
|
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
2020-08-09 17:04:05 +00:00
|
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
2021-03-15 19:55:44 +00:00
|
|
|
FROM golang:1.16.2 as build-env
|
2020-07-17 03:52:53 +00:00
|
|
|
|
2020-07-06 23:54:04 +00:00
|
|
|
WORKDIR /work
|
2021-01-15 17:23:36 +00:00
|
|
|
COPY . .
|
|
|
|
ARG GOPROXY
|
2020-08-12 20:57:27 +00:00
|
|
|
|
2020-08-06 00:43:24 +00:00
|
|
|
# Build the executable binary (CGO_ENABLED=0 means static linking)
|
2021-01-15 17:23:36 +00:00
|
|
|
# Pass in GOCACHE (build cache) and GOMODCACHE (module cache) so they
|
|
|
|
# can be re-used between image builds.
|
|
|
|
RUN \
|
|
|
|
--mount=type=cache,target=/cache/gocache \
|
|
|
|
--mount=type=cache,target=/cache/gomodcache \
|
|
|
|
mkdir out && \
|
|
|
|
GOCACHE=/cache/gocache \
|
|
|
|
GOMODCACHE=/cache/gomodcache \
|
|
|
|
CGO_ENABLED=0 \
|
|
|
|
GOOS=linux \
|
|
|
|
GOARCH=amd64 \
|
|
|
|
go build -v -ldflags "$(hack/get-ldflags.sh)" -o out \
|
|
|
|
./cmd/pinniped-concierge/... \
|
|
|
|
./cmd/pinniped-supervisor/... \
|
|
|
|
./cmd/local-user-authenticator/...
|
|
|
|
|
|
|
|
# Use a Debian slim image to grab a reasonable default CA bundle.
|
2021-03-31 05:41:15 +00:00
|
|
|
FROM debian:10.9-slim AS get-ca-bundle-env
|
2021-01-15 17:23:36 +00:00
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/* /var/cache/debconf/*
|
|
|
|
|
|
|
|
# Use a runtime image based on Debian slim.
|
2021-03-31 05:41:15 +00:00
|
|
|
FROM debian:10.9-slim
|
2021-01-15 17:23:36 +00:00
|
|
|
COPY --from=get-ca-bundle-env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
2020-08-12 20:57:27 +00:00
|
|
|
|
2021-01-15 17:23:36 +00:00
|
|
|
# Copy the binaries from the build-env stage.
|
|
|
|
COPY --from=build-env /work/out/ /usr/local/bin/
|
2020-08-12 20:57:27 +00:00
|
|
|
|
2020-11-02 16:57:05 +00:00
|
|
|
# Document the ports
|
|
|
|
EXPOSE 8080 8443
|
|
|
|
|
|
|
|
# Run as non-root for security posture
|
|
|
|
USER 1001:1001
|
2020-08-12 20:57:27 +00:00
|
|
|
|
|
|
|
# Set the entrypoint
|
2020-10-06 18:59:03 +00:00
|
|
|
ENTRYPOINT ["/usr/local/bin/pinniped-concierge"]
|