attest-provider/Dockerfile

ARG BUILDERIMAGE="golang:1.22"
ARG BASEIMAGE="gcr.io/distroless/static:nonroot"

FROM ${BUILDERIMAGE} as builder

ARG LDFLAGS

ENV GO111MODULE=on \
  CGO_ENABLED=0

WORKDIR /go/src/github.com/docker/attest-external-data-provider

COPY . .

# --- This block can be replaced by `RUN go mod download` when github.com/docker/attest is public
ENV GOPRIVATE="github.com/docker/attest"
RUN --mount=type=cache,target=$GOPATH/pkg/mod --mount=type=secret,id=GITHUB_TOKEN <<EOT
  set -e
  GITHUB_TOKEN=${GITHUB_TOKEN:-$(cat /run/secrets/GITHUB_TOKEN)}
  if [ -n "$GITHUB_TOKEN" ]; then
    echo "Setting GitHub access token"
    git config --global "url.https://x-access-token:${GITHUB_TOKEN}@github.com.insteadof" "https://github.com"
  fi
  go mod download
EOT
# ---

RUN --mount=type=cache,target=$GOPATH/pkg/mod --mount=type=cache,target=/root/.cache/go-build make build

FROM ${BASEIMAGE}

COPY --from=builder /go/src/github.com/docker/attest-external-data-provider/bin/attest /

COPY --from=builder --chown=65532:65532 /go/src/github.com/docker/attest-external-data-provider/certs/tls.crt \
  /go/src/github.com/docker/attest-external-data-provider/certs/tls.key \
  /certs/

USER 65532:65532

ENTRYPOINT ["/attest"]
merge poc 2024-05-23 10:52:35 -05:00			`ARG BUILDERIMAGE="golang:1.22"`
Initial commit 2024-05-23 10:19:55 -05:00			`ARG BASEIMAGE="gcr.io/distroless/static:nonroot"`

Simplify image by specifying arch to the builder 2024-05-23 15:58:57 -04:00			`FROM ${BUILDERIMAGE} as builder`
Initial commit 2024-05-23 10:19:55 -05:00
			`ARG LDFLAGS`

			`ENV GO111MODULE=on \`
Simplify image by specifying arch to the builder 2024-05-23 15:58:57 -04:00			`CGO_ENABLED=0`
Initial commit 2024-05-23 10:19:55 -05:00
Simplify image by specifying arch to the builder 2024-05-23 15:58:57 -04:00			`WORKDIR /go/src/github.com/docker/attest-external-data-provider`
Initial commit 2024-05-23 10:19:55 -05:00
			`COPY . .`

Simplify image by specifying arch to the builder 2024-05-23 15:58:57 -04:00			# --- This block can be replaced by `RUN go mod download` when github.com/docker/attest is public
merge poc 2024-05-23 10:52:35 -05:00			`ENV GOPRIVATE="github.com/docker/attest"`
Cache go deps and build cache 2024-06-11 11:22:57 +01:00			`RUN --mount=type=cache,target=$GOPATH/pkg/mod --mount=type=secret,id=GITHUB_TOKEN <<EOT`
merge poc 2024-05-23 10:52:35 -05:00			`set -e`
			`GITHUB_TOKEN=${GITHUB_TOKEN:-$(cat /run/secrets/GITHUB_TOKEN)}`
			`if [ -n "$GITHUB_TOKEN" ]; then`
			`echo "Setting GitHub access token"`
			`git config --global "url.https://x-access-token:${GITHUB_TOKEN}@github.com.insteadof" "https://github.com"`
			`fi`
			`go mod download`
			`EOT`
Simplify image by specifying arch to the builder 2024-05-23 15:58:57 -04:00			`# ---`
Cache go deps and build cache 2024-06-11 11:22:57 +01:00
			`RUN --mount=type=cache,target=$GOPATH/pkg/mod --mount=type=cache,target=/root/.cache/go-build make build`
Initial commit 2024-05-23 10:19:55 -05:00
			`FROM ${BASEIMAGE}`

Simplify image by specifying arch to the builder 2024-05-23 15:58:57 -04:00			`COPY --from=builder /go/src/github.com/docker/attest-external-data-provider/bin/attest /`
Initial commit 2024-05-23 10:19:55 -05:00
merge poc 2024-05-23 10:52:35 -05:00			`COPY --from=builder --chown=65532:65532 /go/src/github.com/docker/attest-external-data-provider/certs/tls.crt \`
			`/go/src/github.com/docker/attest-external-data-provider/certs/tls.key \`
			`/certs/`
Initial commit 2024-05-23 10:19:55 -05:00
			`USER 65532:65532`

merge poc 2024-05-23 10:52:35 -05:00			`ENTRYPOINT ["/attest"]`