forked from gardener/ci-infra
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
73 lines (62 loc) · 2 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# ----------------
# Build container
# ----------------
FROM golang:1.23.4 AS builder
ARG GOPROXY=https://proxy.golang.org,direct
ENV GOPROXY=$GOPROXY
LABEL stage=intermediate
# Copy entire repository to image
COPY . /code
WORKDIR /code
# Build go executables into binaries
RUN mkdir /build && GOBIN=/build \
GO111MODULE=on CGO_ENABLED=0 GOOS=$(go env GOOS) GOARCH=$(go env GOARCH) go install ./...
# --------------------------
# Executable container base
# --------------------------
FROM gcr.io/distroless/static-debian12:nonroot AS base_nonroot
FROM alpine:3.21.0 AS ssl_git_runner
# Install SSL ca certificates
RUN apk add --no-cache ca-certificates git
# Create nonroot user and group to be used in executable containers
RUN addgroup -g 65532 -S nonroot && adduser -u 65532 -S nonroot -G nonroot
USER 65532
# ----------------------
# Executable containers
# ----------------------
FROM ssl_git_runner AS cherrypicker
LABEL app=cherrypicker
WORKDIR /
COPY --from=builder /build/cherrypicker /cherrypicker
ENTRYPOINT [ "/cherrypicker" ]
FROM ssl_git_runner AS job-forker
LABEL app=job-forker
WORKDIR /
COPY --from=builder /build/job-forker /job-forker
ENTRYPOINT [ "/job-forker" ]
FROM ssl_git_runner AS milestone-activator
LABEL app=milestone-activator
WORKDIR /
COPY --from=builder /build/milestone-activator /milestone-activator
ENTRYPOINT [ "/milestone-activator" ]
FROM base_nonroot AS cla-assistant
LABEL app=cla-assistant
WORKDIR /
COPY --from=builder /build/cla-assistant /cla-assistant
EXPOSE 8080
ENTRYPOINT [ "/cla-assistant" ]
FROM base_nonroot AS image-builder
LABEL app=image-builder
WORKDIR /
COPY --from=builder /build/image-builder /image-builder
ENTRYPOINT [ "/image-builder" ]
FROM ssl_git_runner AS release-handler
LABEL app=release-handler
WORKDIR /
COPY --from=builder /build/release-handler /release-handler
ENTRYPOINT [ "/release-handler" ]
FROM base_nonroot AS branch-cleaner
LABEL app=branch-cleaner
WORKDIR /
COPY --from=builder /build/branch-cleaner /branch-cleaner
ENTRYPOINT [ "/branch-cleaner" ]