-
Notifications
You must be signed in to change notification settings - Fork 209
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
- Loading branch information
1 parent
80ead2d
commit 2bf1e74
Showing
2 changed files
with
49 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# syntax=docker/dockerfile:1.9@sha256:fe40cf4e92cd0c467be2cfc30657a680ae2398318afd50b0c80585784c604f28 | ||
|
||
# Copyright Authors of Cilium | ||
# SPDX-License-Identifier: Apache-2.0 | ||
FROM --platform=${BUILDPLATFORM} golang:1.23.0-alpine3.20@sha256:d0b31558e6b3e4cc59f6011d79905835108c919143ebecc58f35965bf79948f4 AS base | ||
RUN apk add --no-cache --update ca-certificates git make | ||
WORKDIR /go/src/github.com/cilium/cilium-cli | ||
COPY go.* . | ||
RUN --mount=type=cache,target=/go/pkg/mod go mod download | ||
COPY . . | ||
|
||
# xx is a helper for cross-compilation | ||
# when bumping to a new version analyze the new version for security issues | ||
# then use crane to lookup the digest of that version so we are immutable | ||
# crane digest tonistiigi/xx:1.3.0 | ||
FROM --platform=$BUILDPLATFORM tonistiigi/xx@sha256:904fe94f236d36d65aeb5a2462f88f2c537b8360475f6342e7599194f291fb7e AS xx | ||
|
||
FROM --platform=${BUILDPLATFORM} base AS builder | ||
ARG TARGETPLATFORM | ||
ARG TARGETARCH | ||
COPY --link --from=xx / / | ||
RUN --mount=type=cache,target=/root/.cache/go-build \ | ||
--mount=type=cache,target=/go/pkg/mod \ | ||
xx-go --wrap && \ | ||
make && \ | ||
xx-verify --static /go/src/github.com/cilium/cilium-cli/cilium | ||
|
||
FROM --platform=${BUILDPLATFORM} cgr.dev/chainguard/wolfi-base:latest@sha256:72c8bfed3266b2780243b144dc5151150015baf5a739edbbde53d154574f1607 | ||
LABEL maintainer="maintainer@cilium.io" | ||
ENTRYPOINT [""] | ||
CMD ["bash"] | ||
ARG cilium_uid=1000 | ||
ARG cilium_gid=1000 | ||
ARG cilium_home=/home/cilium | ||
RUN apk add --update --no-cache bash busybox kubectl && \ | ||
addgroup -g ${cilium_gid} cilium && \ | ||
adduser -D -h ${cilium_home} -u ${cilium_uid} -G cilium cilium | ||
WORKDIR ${cilium_home} | ||
COPY --link --from=builder --chown=${cilium_uid}:${cilium_gid} --chmod=755 /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium | ||
COPY --link --from=builder --chown=root:root --chmod=755 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ | ||
USER ${cilium_uid}:${cilium_gid} |