ory · aeneasr · Apr 5, 2022 · Mar 31, 2022 · Apr 1, 2022 · Apr 1, 2022
@@ -1,8 +1,8 @@
-FROM alpine:3.15.1
+FROM alpine:3.15
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D -H -s /bin/nologin
-RUN apk --no-cache --update-cache --upgrade --latest add ca-certificates
+RUN apk --no-cache --upgrade --latest add ca-certificates
 
 COPY hydra /usr/bin/hydra
 

@@ -1,22 +1,20 @@
 FROM golang:1.17-alpine3.15 AS builder
 
-RUN apk -U --no-cache add build-base git gcc bash
+RUN apk -U --no-cache --upgrade --latest add build-base git gcc bash
 
 WORKDIR /go/src/github.com/ory/hydra
 
-ADD go.mod go.mod
-ADD go.sum go.sum
-
+COPY go.mod go.sum ./
 ENV GO111MODULE on
 ENV CGO_ENABLED 1
 
 RUN go mod download
 
-ADD . .
+COPY . .
 
 RUN go build -tags sqlite -o /usr/bin/hydra
 
-FROM alpine:3.15.1
+FROM alpine:3.15
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D  -h /home/ory -s /bin/nologin; \
@@ -26,8 +24,9 @@ COPY --from=builder /usr/bin/hydra /usr/bin/hydra
 
 # By creating the sqlite folder as the ory user, the mounted volume will be owned by ory:ory, which
 # is required for read/write of SQLite.
-RUN mkdir -p /var/lib/sqlite
-RUN chown ory:ory /var/lib/sqlite
+RUN mkdir -p /var/lib/sqlite && \
+    chown ory:ory /var/lib/sqlite
+
 VOLUME /var/lib/sqlite
 
 # Exposing the ory home directory
@@ -40,3 +39,5 @@ USER ory
 
 ENTRYPOINT ["hydra"]
 CMD ["serve"]
+
+
@@ -1,18 +1,17 @@
-FROM golang:1.16-alpine AS builder
+FROM golang:1.18-alpine AS builder
 
-RUN apk --no-cache --update-cache --upgrade --latest add build-base git gcc bash
+RUN apk --no-cache add --upgrade --latest build-base git gcc bash
 
 WORKDIR /go/src/github.com/ory/hydra
 
-ADD go.mod go.mod
-ADD go.sum go.sum
+COPY go.mod go.sum ./
 
 ENV GO111MODULE on
 ENV CGO_ENABLED 1
 
 RUN go mod download
 
-ADD . .
+COPY . .
 
 FROM builder as build-hydra
 RUN go build -tags=sqlite,hsm -o /usr/bin/hydra
@@ -23,13 +22,13 @@ ENV HSM_LIBRARY=/usr/lib/softhsm/libsofthsm2.so
 ENV HSM_TOKEN_LABEL=hydra
 ENV HSM_PIN=1234
 
-RUN apk --no-cache --update-cache --upgrade --latest add softhsm opensc; \
+RUN apk --no-cache --upgrade --latest add softhsm opensc; \
     pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --slot 0 --init-token --so-pin 0000 --init-pin --pin 1234 --label hydra; \
     go test -p 1 -v -failfast -short -tags=sqlite,hsm ./...
 
-FROM alpine:3.15.1
+FROM alpine:3.15
 
-RUN apk --no-cache --update-cache --upgrade --latest add softhsm opensc; \
+RUN apk --no-cache --upgrade --latest add softhsm opensc; \
     pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --slot 0 --init-token --so-pin 0000 --init-pin --pin 1234 --label hydra
 
 RUN addgroup -S ory; \
@@ -41,8 +40,9 @@ COPY --from=build-hydra /usr/bin/hydra /usr/bin/hydra
 
 # By creating the sqlite folder as the ory user, the mounted volume will be owned by ory:ory, which
 # is required for read/write of SQLite.
-RUN mkdir -p /var/lib/sqlite
-RUN chown ory:ory /var/lib/sqlite
+RUN mkdir -p /var/lib/sqlite && \
+    chown ory:ory /var/lib/sqlite
+
 VOLUME /var/lib/sqlite
 
 # Exposing the ory home directory

@@ -1,6 +1,6 @@
-FROM alpine:3.15.1
+FROM alpine:3.15
 
-RUN apk --no-cache --update-cache --upgrade --latest add ca-certificates
+RUN apk --no-cache --upgrade --latest add ca-certificates
 
 # set up nsswitch.conf for Go's "netgo" implementation
 # - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275

@@ -1,4 +1,4 @@
-FROM alpine:3.15.1
+FROM alpine:3.15
 
 # Because this image is built for SQLite, we create /home/ory and /home/ory/sqlite which is owned by the ory user
 # and declare /home/ory/sqlite a volume.
@@ -9,17 +9,18 @@ FROM alpine:3.15.1
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D  -h /home/ory -s /bin/nologin; \
-    chown -R ory:ory /home/ory
-RUN apk --no-cache --update-cache --upgrade --latest add ca-certificates
+    chown -R ory:ory /home/ory && \
+    apk --no-cache --upgrade --latest add ca-certificates
 
 WORKDIR /home/ory
 
 COPY hydra /usr/bin/hydra
 
 # By creating the sqlite folder as the ory user, the mounted volume will be owned by ory:ory, which
 # is required for read/write of SQLite.
-RUN mkdir -p /var/lib/sqlite
-RUN chown ory:ory /var/lib/sqlite
+RUN mkdir -p /var/lib/sqlite && \
+    chown ory:ory /var/lib/sqlite
+
 VOLUME /var/lib/sqlite
 
 # Exposing the ory home directory

@@ -8,8 +8,9 @@ RUN wget https://gitlab.com/openid/conformance-suite/-/archive/release-v4.1.4/co
   find conformance-suite-release-v4.1.4 -maxdepth 1 -mindepth 1 -exec mv {} . \; && \
   rmdir conformance-suite-release-v4.1.4
 
-RUN mvn -B clean package -DskipTests
-RUN apt-get update && apt-get install -y redir ca-certificates
+RUN mvn -B clean package -DskipTests && \
+    apt-get update && apt-get install -y \
+    redir ca-certificates && \
 
 COPY ssl/ory-conformity.crt /etc/ssl/certs/
 COPY ssl/ory-conformity.key /etc/ssl/private/

@@ -1,19 +1,20 @@
 FROM golang:1.17-buster AS builder
 
 RUN apt-get update && \
-  apt-get install -y git gcc bash ssl-cert ca-certificates
+    apt-get install --no-install-recommends -y \
+    git gcc bash ssl-cert ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
 
 WORKDIR /go/src/github.com/ory/hydra
 
-ADD go.mod go.mod
-ADD go.sum go.sum
+COPY go.mod go.sum ./
 
 ENV GO111MODULE on
 ENV CGO_ENABLED 1
 
 RUN go mod download
 
-ADD . .
+COPY . .
 
 RUN go build -tags sqlite -o /usr/bin/hydra
 
@@ -25,10 +26,10 @@ VOLUME /home/ory
 # Declare the standard ports used by hydra (4444 for public service endpoint, 4445 for admin service endpoint)
 EXPOSE 4444 4445
 
-RUN mv test/conformance/ssl/ory-ca.* /etc/ssl/certs/
-RUN mv test/conformance/ssl/ory-conformity.crt /etc/ssl/certs/
-RUN mv test/conformance/ssl/ory-conformity.key /etc/ssl/private/
-RUN update-ca-certificates
+RUN mv test/conformance/ssl/ory-ca.* /etc/ssl/certs/ && \
+    mv test/conformance/ssl/ory-conformity.crt /etc/ssl/certs/ && \
+    mv test/conformance/ssl/ory-conformity.key /etc/ssl/private/ && \
+    update-ca-certificates
 
 ENTRYPOINT ["hydra"]
 CMD ["serve"]