From 0394bf8ceab3806140b8645f89742552d4b53cda Mon Sep 17 00:00:00 2001
From: Andrew Keesler <akeesler@vmware.com>
Date: Tue, 18 Jan 2022 19:40:28 -0500
Subject: [PATCH] distroless: Dockerfile works with distroless base image

I can build this via:
  docker build --build-arg BASEIMAGE=gcr.io/distroless/static:latest -t andrew:distroless .

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
---
 Dockerfile | 18 +++++++++++-------
 Makefile   |  2 +-
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7ce70100..1a3117d4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,5 @@
+ARG BASEIMAGE=alpine:3.15.0
+
 FROM golang:1.17.6-alpine3.14 AS builder
 
 WORKDIR /usr/local/src/dex
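Review bot: `ARG BASEIMAGE` has no comment saying what a caller may pass, yet its value is what the shipped image is built from (`FROM $BASEIMAGE` in the later hunk). An unpinned override such as the `:latest` tag used in the commit message makes the final image non-reproducible and lets its contents change without any change in this repository. I would add above the ARG: `# Base of the final image. Override with --build-arg BASEIMAGE=<image>; pin it to a fixed tag or digest (<image>@sha256:<digest>), not :latest.` The same `alpine:3.15.0` string also appears in the stager and gomplate stages, so a version bump has to touch several lines.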
@@ -20,6 +22,12 @@ COPY . .
 
 RUN make release-binary
 
+FROM alpine:3.15.0 AS stager
+
+RUN mkdir -p /var/dex
+RUN mkdir -p /etc/dex
+COPY config.docker.yaml /etc/dex/
+
 FROM alpine:3.15.0 AS gomplate
 
 ARG TARGETOS
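Review bot: The two `RUN mkdir -p` lines in the new `stager` stage can be a single instruction, `RUN mkdir -p /var/dex /etc/dex`, and the stage has no comment saying why it exists. A line such as `# Prepare directories here: the final base image may have no shell to run mkdir/chown.` would keep a later cleanup from moving these steps back into the final stage. Both directories are created as root here; their ownership is set only by the `--chown` on the COPY lines in the final stage.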
@@ -33,7 +41,7 @@ RUN wget -O /usr/local/bin/gomplate \
     && chmod +x /usr/local/bin/gomplate
 
 
-FROM alpine:3.15.0
+FROM $BASEIMAGE
 
 # Dex connectors, such as GitHub and Google logins require root certificates.
 # Proper installations should manage those certificates, but it's a bad user
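Review bot: Once the final stage starts from `$BASEIMAGE`, nothing in it can rely on a shell or package manager, and the Dockerfile does not record that constraint. A comment next to the FROM would do it, for example `# BASEIMAGE may be shell-less (e.g. distroless): only COPY/ENV/USER/ENTRYPOINT below, no RUN.` The rest of the final stage lies outside this hunk, so I could not check whether it still has a RUN step or a shell-script entrypoint.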
@@ -42,12 +50,8 @@ FROM alpine:3.15.0
 # See https://go.dev/src/crypto/x509/root_linux.go for Go root CA bundle locations.
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
-RUN mkdir -p /var/dex
-RUN chown -R 1001:1001 /var/dex
-
-RUN mkdir -p /etc/dex
-COPY config.docker.yaml /etc/dex/
-RUN chown -R 1001:1001 /etc/dex
+COPY --from=stager --chown=1001:1001 /var/dex /var/dex
+COPY --from=stager --chown=1001:1001 /etc/dex /etc/dex
 
 # Copy module files for CVE scanning / dependency analysis.
 COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
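Review bot: Ownership of `/var/dex` and `/etc/dex` now depends entirely on `--chown=1001:1001` being applied to the copied directories themselves, where the removed lines ran an explicit `chown -R`. `/var/dex` is copied empty, so it is worth confirming on the builders you support (for instance by inspecting the built image's filesystem) that the directory itself ends up owned by 1001 rather than root. If it stays root-owned and the container runs as that UID (not visible in this hunk), the process cannot write there. Numeric IDs are the right form because the base may have no passwd or group files; a comment such as `# Numeric UID:GID: BASEIMAGE may have no /etc/passwd.` would document that.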
diff --git a/Makefile b/Makefile
index 775e3316..8572091e 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@ group=$(shell id -g -n)
 
 export GOBIN=$(PWD)/bin
 
-LD_FLAGS="-w -X main.version=$(VERSION)"
+LD_FLAGS="-w -X main.version=$(VERSION) -extldflags \"-static\""
 
 # Dependency versions
 
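Review bot: `-extldflags \"-static\"` is added to the shared `LD_FLAGS`, so it applies to every build that goes through this Makefile, not only the distroless image. If any package is built with cgo (not visible here), a static link against glibc on a developer host typically produces linker warnings and a binary that still loads the host's NSS libraries at run time. Consider documenting the reason, e.g. `# -static: the binary must run on bases without a libc (distroless/static).`, or making the flag opt-in through a variable. How `LD_FLAGS` is consumed is outside this hunk.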
-- 
GitLab