# Build stage on Debian 11 (bullseye). It only downloads and unpacks
# artifacts; later stages pick out what they need with COPY --from=build.
# NOTE(review): the tag is mutable. Pin it by digest if rebuilds must resolve
# to the same base image every time.
FROM debian:11-slim AS build
# libgssapi-krb5-2 \
# liblttng-ust0 \
# libunwind8 \
# libuuid1 \
# zlib1g \
# curl \
# libcomerr2 \
# libidn2-0 \
# libk5crypto3 \
# libkrb5-3 \
# libldap-2.4-2 \
# libldap-common \
# libsasl2-2 \
# libsasl2-modules-db \
# libnghttp2-14 \
# libpsl5 \
# librtmp1 \
# libssh2-1 \
# libkeyutils1 \
# libkrb5support0 \
# libgnutls30 \
# libgmp10 \
# libhogweed4 \
# libidn11 \
# libnettle6 \
# libp11-kit0 \
# libffi6 \
# libtasn1-6 \
# libdb5.3 \
# libgcrypt20 \
# libgpg-error0 \
# libacl1 \
# libattr1 \
# libselinux1 \
# libpcre3 \
# libbz2-1.0 \
# liblzma5 \
# libcurl4 \
# libssl1.1 \
# libicu63 \
# libunistring2 \
# Microsoft docs on the Debian dependencies of .NET
# https://docs.microsoft.com/en-us/dotnet/core/install/linux-debian#dependencies
# Docs on the dependencies of self-contained apps
# https://github.com/dotnet/core/blob/main/Documentation/self-contained-linux-apps.md
# distroless PR that dropped dotnet (it also contains important information)
# https://github.com/GoogleContainerTools/distroless/pull/711/files
# More information on how to extract the parts of deb packages that are relevant for CVE scanning
# see https://github.com/GoogleContainerTools/distroless/issues/863
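# Install the tooling this stage needs, download the .deb archives of the
# .NET native dependencies, and unpack them under /dpkg for a later stage.
# For every archive the control file is also written to
# /dpkg/var/lib/dpkg/status.d/<package>. Per the distroless issue referenced
# in this file, that metadata is what CVE scanning relies on, so a failed or
# empty write must stop the build instead of silently producing an image with
# an unlisted package.
RUN set -e && \
    cd /tmp && \
    apt-get update && \
    apt-get install -y --no-install-recommends \
        # tools used by this build stage only
        ca-certificates \
        curl \
        openssl \
    && \
    apt-get download \
        # ca-certificates \
        # .NET Core dependencies
        libc6 \
        libgcc-s1 \
        libgssapi-krb5-2 \
        libicu67 \
        libssl1.1 \
        libstdc++6 \
        zlib1g \
    && \
    mkdir -p /dpkg/var/lib/dpkg/status.d/ && \
    for deb in *.deb; do \
        package_name=$(dpkg-deb -I "${deb}" | awk '/^ Package: .*$/ {print $2}'); \
        # awk succeeds even when dpkg-deb fails, so reject an empty name explicitly
        [ -n "${package_name}" ] || { echo "No package name found in ${deb}" >&2; exit 11; }; \
        echo "Process: ${package_name}"; \
        # with `set -e` a failing tar (missing ./control, truncated input) aborts the build
        dpkg --ctrl-tarfile "${deb}" | tar -Oxf - ./control > "/dpkg/var/lib/dpkg/status.d/${package_name}"; \
        dpkg --extract "${deb}" /dpkg || exit 10; \
    done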
# Slim down the extracted tree: first prune directories that are empty after
# extraction, then drop the packaged documentation under /usr/share/doc.
RUN find /dpkg/ -type d -empty -delete \
    && rm -r /dpkg/usr/share/doc/
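# Download the .NET runtime tarball and unpack it into /dotnet.
# The archive is extracted only after its SHA-512 matches the pinned value, so
# the pinned hash, not the download host, is what anchors integrity. Update
# the version and the hash together.
# curl -f makes an HTTP error fail the step directly instead of saving the
# error page and surfacing later as a confusing checksum mismatch.
# NOTE(review): Microsoft announced the retirement of the azureedge.net
# download hosts; confirm the current official download host for this URL.
# NOTE(review): .NET 6 went out of support in November 2024; confirm whether
# this image should move to a supported runtime line.
# Keep dotnet_version in sync with DOTNET_VERSION in the runtime stage.
RUN dotnet_version='6.0.36' \
    && dotnet_sha512='afb6018fcabec468ccd7ae2f1131d8c9de7f4de7645b8f0c223efbbdbfdc515fb0642a399ebfe372c02044416c4cae463c9c802cd156b9da4181efff0e33ee94' \
    && curl -fSL --output dotnet.tar.gz "https://dotnetcli.azureedge.net/dotnet/Runtime/${dotnet_version}/dotnet-runtime-${dotnet_version}-linux-x64.tar.gz" \
    && echo "$dotnet_sha512 dotnet.tar.gz" | sha512sum -c - \
    && mkdir -p /dotnet \
    # -o: do not restore the owner recorded in the archive
    && tar -ozxf dotnet.tar.gz -C /dotnet \
    && rm dotnet.tar.gz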
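# Download the ASP.NET Core runtime tarball and unpack it into /aspnet.
# The archive is extracted only after its SHA-512 matches the pinned value, so
# the pinned hash, not the download host, is what anchors integrity. Update
# the version and the hash together.
# curl -f makes an HTTP error fail the step directly instead of saving the
# error page and surfacing later as a confusing checksum mismatch.
# NOTE(review): Microsoft announced the retirement of the azureedge.net
# download hosts; confirm the current official download host for this URL.
# Keep aspnet_version in sync with ASPNET_VERSION in the aspnet stage.
RUN aspnet_version='6.0.36' \
    && aspnetcore_sha512='0e3d1dcc715bffbcb8ab8cb4fd72accbeed79ac40b7fd517961797a168f4301505044d2c1494a49b0e68103940bd6c178c8ae7bacf75f4b40ce82cc85624f6bd' \
    && curl -fSL --output aspnetcore.tar.gz "https://dotnetcli.azureedge.net/dotnet/aspnetcore/Runtime/${aspnet_version}/aspnetcore-runtime-${aspnet_version}-linux-x64.tar.gz" \
    && echo "$aspnetcore_sha512 aspnetcore.tar.gz" | sha512sum -c - \
    && mkdir -p /aspnet \
    # -o: do not restore the owner recorded in the archive
    && tar -ozxf aspnetcore.tar.gz -C /aspnet \
    && rm aspnetcore.tar.gz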
# runtime-deps: distroless cc base plus the native libraries and the
# status.d package metadata unpacked under /dpkg in the build stage.
# NOTE(review): no tag or digest is given, so this resolves to the registry's
# default tag at build time. Pin a tag or digest to make rebuilds auditable.
FROM gcr.io/distroless/cc-debian11 AS runtime-deps
COPY --from=build /dpkg/ /
# runtime: runtime-deps plus the .NET runtime under /usr/share/dotnet.
FROM runtime-deps AS runtime
# DOTNET_VERSION                   .NET runtime version (matches the tarball fetched in the build stage)
# DOTNET_RUNNING_IN_CONTAINER      enables detection of running in a container
# Logging__Console__FormatterName  sets the default console formatter to JSON
ENV DOTNET_VERSION=6.0.36 \
    DOTNET_RUNNING_IN_CONTAINER=true \
    Logging__Console__FormatterName=Json
COPY --from=build /dotnet /usr/share/dotnet
# aspnet: runtime plus the ASP.NET Core shared framework, unpacked into the
# same /usr/share/dotnet tree.
FROM runtime AS aspnet
# ASPNETCORE_URLS  binds web servers to port 8080, an unprivileged port, so
#                  the process can run as nonroot; plain HTTP on all interfaces
# ASPNET_VERSION   ASP.NET Core version (matches the tarball fetched in the build stage)
# NOTE(review): no USER instruction is visible in this file, so the effective
# user is whatever the base image defaults to unless it is set at run time or
# in a derived image. Confirm the container really runs as nonroot.
ENV ASPNETCORE_URLS=http://+:8080 \
    ASPNET_VERSION=6.0.36
COPY --from=build /aspnet /usr/share/dotnet